Analysis

  • max time kernel
    129s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    15-01-2022 16:03

General

  • Target

    16072221066cf9---sukinumer.pdf

  • Size

    74KB

  • MD5

    2079f4005121937ec4155cbf95d61154

  • SHA1

    92bc3b68cb19c0e4d1bc0bddb72cd3af0adea8db

  • SHA256

    7700956c40e85ab484f4d4c937dd41d9f7733e5f83fdb14ac6d67d2072edfffa

  • SHA512

    5b7bf1f16d44ceddd88ee852f591d4aaade13b7602f23000e02971acc883408b38469be0884a69fbf89c1145fcdc1ba4c4a311b7522ed4e2dd4f8921a772decb
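The report below shows only one thing of note: Adobe Reader handing a URL to Internet Explorer. The usual static explanation is a /URI action in the PDF, reached either through a clicked link annotation or automatically via /OpenAction; the report does not say which applies to this sample, so the scanner here is an added example, not sandbox output. It scans a constructed PDF (the feedproxy URL is taken from the report; the second, FlateDecode-compressed URL and the /#55RI name obfuscation are assumptions added to exercise the decoder) for the action types that make a reader open something outside the document.

```python
"""Static scan of a PDF for actions that leave the document (URI, Launch,
JavaScript, SubmitForm, GoToR). Added example; the PDF bytes are constructed,
not the analysed sample."""
import re
import zlib

# Action dictionaries look like << /S /URI /URI (http://...) >>
ACTION_RE = re.compile(rb"/S\s*/(URI|Launch|JavaScript|SubmitForm|GoToR)\b")
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in names: /#55RI is a legal spelling of /URI."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate_streams(data: bytes):
    """Yield the plaintext of every stream that inflates; skip the rest."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def scan_pdf(data: bytes) -> dict:
    """Return action types, URI targets and whether the file fires on open."""
    views = [_unescape_names(data)] + [_unescape_names(s) for s in _inflate_streams(data)]
    actions, uris = set(), []
    for v in views:
        actions.update(a.decode() for a in ACTION_RE.findall(v))
        uris.extend(u.decode("latin-1") for u in URI_RE.findall(v))
    return {
        "actions": sorted(actions),
        "uris": uris,
        # /OpenAction or an /AA (additional actions) entry runs without a click.
        "auto_open": b"/OpenAction" in views[0] or b"/AA" in views[0],
    }


# Constructed sample: link annotation + OpenAction pointing at a URI action
# (report's URL), plus a compressed object hiding a second, hypothetical URL.
HIDDEN = zlib.compress(b"<< /S /URI /URI (http://example.invalid/hidden) >>")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 100] /A 5 0 R >> endobj\n"
    b"5 0 obj << /S /#55RI /URI (https://feedproxy.google.com/~r/skout/mBVl/~3/"
    b"BvfzZFkJO3s/uplcv?utm_term=lcd+vs.+plasma) >> endobj\n"
    b"6 0 obj << /Length " + str(len(HIDDEN)).encode() + b" /Filter /FlateDecode >>\n"
    b"stream\n" + HIDDEN + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
```

Object streams (/Type /ObjStm) and cross-reference streams are covered only as far as they inflate with plain zlib; predictors and other filters would need a real PDF parser.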

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\16072221066cf9---sukinumer.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://feedproxy.google.com/~r/skout/mBVl/~3/BvfzZFkJO3s/uplcv?utm_term=lcd+vs.+plasma
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1576
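The chain above (AcroRd32.exe, PID 964, spawning iexplore.exe, PID 1620, with a URL on the command line; the second IEXPLORE.EXE is IE's content process and carries SCODEF/CREDAT instead of a URL) is the pattern a process-creation detection would key on. The script below is an added example, not part of the report: it walks constructed events that mirror the tree (the parent PID of Reader, the reader and browser name lists and the redirector list are assumptions) and flags any browser launched by a document reader, noting when the host is a feed or link redirector that hides the final destination.

```python
"""Detect document reader -> browser launches from process-creation events.
Added example; EVENTS are constructed to mirror the report's process tree."""
import re
from urllib.parse import urlparse

READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}      # assumption
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}  # assumption
REDIRECTORS = {"feedproxy.google.com", "t.co", "bit.ly"}          # assumption
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

EVENTS = [  # constructed; ppid 600 for Reader is an assumption
    {"pid": 964, "ppid": 600,
     "image": r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\16072221066cf9---sukinumer.pdf"'},
    {"pid": 1620, "ppid": 964,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                r"https://feedproxy.google.com/~r/skout/mBVl/~3/BvfzZFkJO3s/uplcv?utm_term=lcd+vs.+plasma"},
    {"pid": 1576, "ppid": 1620,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2'},
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def find_reader_to_browser(events):
    """Return one hit per browser process whose parent is a document reader
    and whose command line carries a URL."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if basename(e["image"]) not in BROWSERS:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or basename(parent["image"]) not in READERS:
            continue  # IE's content child (parent is iexplore) lands here
        m = URL_RE.search(e["cmdline"])
        if not m:
            continue  # no URL on the command line: nothing to attribute
        url = m.group(0)
        host = (urlparse(url).hostname or "").lower()
        doc = re.findall(r'"([^"]+\.pdf)"', parent["cmdline"], re.IGNORECASE)
        hits.append({
            "document": doc[0] if doc else None,
            "reader_pid": parent["pid"],
            "browser_pid": e["pid"],
            "url": url,
            "host": host,
            "via_redirector": host in REDIRECTORS,
        })
    return hits


if __name__ == "__main__":
    for h in find_reader_to_browser(EVENTS):
        print(h)
```

On its own the chain is low severity, which is consistent with the 1/10 score; it becomes interesting when the host is a redirector (the destination is not visible in telemetry) or when the browser child goes on to write to disk or spawn further processes.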

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    fe3025a5c29967d74514fc88e4982fe5

    SHA1

    c3da795b869a5b02882c38f7dca4df095e03ef2c

    SHA256

    587dab35c0f4be656fc0755f2312db6c7bfadccf89353f154b7a15c457387205

    SHA512

    5c16a81f779d5305f983d1634f103463f714dcf181877d4011f1f82784616ba00cc368bad5618c7a34be3329cbb534fd555022a30d9ce32fbdc0247d2f4a80fc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\210AZLWT.txt
    MD5

    081c74e8801388df86ae61d93a47487c

    SHA1

    fa58c0a729b8a3b0b0935426163de4c877b8e5a5

    SHA256

    76540e90eacedd38e9f92cca244c70d375d8ae6500749301dfcbe58ffe712954

    SHA512

    2e71d0924e061b0d18ee8766593e0b20c61987e9a1df224348cece00f591489413df4193451b547a7dcdc5f1c3805482533d74df55017c6236e839f649240102

  • memory/964-54-0x0000000075471000-0x0000000075473000-memory.dmp
    Filesize

    8KB

  • memory/1576-57-0x0000000000000000-mapping.dmp
  • memory/1620-55-0x0000000000000000-mapping.dmp
  • memory/1620-56-0x000007FEFB611000-0x000007FEFB613000-memory.dmp
    Filesize

    8KB