Analysis

  • max time kernel: 4294180s
  • max time network: 139s
  • platform: windows7_x64
  • resource: win7-20220223-en
  • submitted: 26-02-2022 03:48

General

  • Target: fezolajavamiwozu.pdf
  • Size: 291KB
  • MD5: 6f3e481c8125a4fd367ddfa7cb0fa258
  • SHA1: 9e9b200e1a7cde4ea9e5ba7c326ffe80b1320caa
  • SHA256: e34006141c32e88bf9e7b9f42b69744a0a83d28cf1ae204bb82c1e15f468e865
  • SHA512: dc66cf3281ded870a181b5d2e2aff6e5b22fc21b0fbe653cae0b5d06c90aaab521ada1613a5991106c9c894e0768aa62205bce3e561f6bd24990ba4635d0c769

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fezolajavamiwozu.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1112
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:406535 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:2110483 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1568

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    MD5: 54e9306f95f32e50ccd58af19753d929
    SHA1: eab9457321f34d4dcf7d4a0ac83edc9131bf7c57
    SHA256: 45f94dceb18a8f738a26da09ce4558995a4fe02b971882e8116fc9b59813bb72
    SHA512: 8711a4d866f21cdf4d4e6131ec4cfaf6821d0d22b90946be8b5a09ab868af0270a89bc326f03b858f0361a83c11a1531b894dfd1945e4812ba429a7558791f4f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: 7e09bfd67be7fcf715070199bf9dde69
    SHA1: ee2d12bfcc4ca5c84daec3dd9d334d1b7f305ff1
    SHA256: 94f667703b5c55d8095b7d3ce203117959c3564a8cbec0e1c2f801b055b6a908
    SHA512: 344e366cac382292edd0ee2eccaf3420d3a00bc2581a32ccacbf53cba9eb1b824b72db20e6cf0947dce42cc6e5af7720cd0d093b89257d5e5fa2928d676862f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5: 637481df32351129e60560d5a5c100b5
    SHA1: a46aee6e5a4a4893fba5806bcc14fc7fb3ce80ae
    SHA256: 1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052
    SHA512: 604bfd0a78a57dfddd45872803501ad89491e37e89e0778b0f13644fa9164ff509955a57469dfdd65a05bbedaf0acb669f68430e84800d17efe7d360a70569e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    MD5: 4dec55939415ff2070caf96b506885d1
    SHA1: fa76f2311f774e94366c746cbebd0603f9d2b73d
    SHA256: 622f901c331d736b88a458a972180893cca3aa544a895d29223798580effeec7
    SHA512: 0ffff4f7233e37d0d9d83c73dd5a4a79311645afc03bcbf6c1ac89f2730707a207d681e18a40bc96858989e1fe4d690f9dbece8e9e2a838e6d952a8f2d4d59e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5: 79efae2a95c6516eeb08f64c1fa2fbff
    SHA1: 61f0fc174209ca42fb32f79459eb911d0ac7d123
    SHA256: 2a5c2a3fb11aa6f2a6ad5f11e62d648f365fa7d9f4c583e62c4fac5ab144bbd1
    SHA512: 53d56d9c452e541e07d9619487ea6f0c6d5641d3fe7c5574871aee15f2f19947c33313bb9765c93b56e72c5379dc211db7e50b5751c23211bfe6ad05a84eca0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: 51f22437187dbc710221275ec7249d6f
    SHA1: 9b916994a0cd2f22cdd178f1bebbe3a4064e6934
    SHA256: 52ee28a7b92f46cf1141c78c66c58185f5bc7000b51e6704a0e935bb69510e68
    SHA512: ac3bfc27f0315c669a63e45909df5f377e4ffb79e58cc3bb925904259ebff734b41008d6d71ea0af8f26e3bf35a28447d8a46222821d4b592388bc9cbcd545a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: 944c9607d9466dec48efaa75525d79b7
    SHA1: f789f9c3021d5fa12a3713886547ac44cff2d70f
    SHA256: d4be8600b304ad50a962dbfd781e4e1f60de7b522fc5f1a8d7a2b86997e49a86
    SHA512: fc41abf2b389a4b402affcc0884149357d10773e3efc7cc058bc6efb67dba94e07715bfef86f44e2faabff3fbb2d683882fac7b6d2d1c0d1421c60c9ca7e6eef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: db19df1bf0dc5854935a428825e01fff
    SHA1: 280ed535879ea79c85fcf016931f3cbd4dda575f
    SHA256: 8c9656884f04d2574160e5f6e999cb70580bb27677a927c4e75e9c59861ed8d1
    SHA512: fb801ea60863c9b298c4a0a58e459d431fe1779e5b6b4ab0cf42c2f7823ec35ebefb7e7021e291bf11342e07dcbb8aef896e5817347e8ff8bce4dbe61e39d857

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5WNZF8E5.txt
    MD5: d46d1ae157237ffdbb98260ada5c3de1
    SHA1: dcb9a9423963f336ffb74e581b6705c51d046a64
    SHA256: 9c7626f9bbdf939876f91f85e5458983f581605542c8d374fdffb41aa05d268d
    SHA512: 030f4f77af8cab05fc33dbea7f6ff07a299a794be540be93e224ad8fc49ae7d1cb50118a347aadb2a96b92ce42693996ae38c82a073ad94847baa4333f4c9a4d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B31PA1V4.txt
    MD5: 5b9ccb011d99bb6f8bae08612256757d
    SHA1: f95a4e4fe5a0117552585fe8b5b655fd3066679d
    SHA256: aefd88e709dd63145e9773b8559f60e89a15d6a5d7b5101bacd6f2d64476a01b
    SHA512: b94722ede776f6ab541584e3dbb8af0f94c095121a889600a83a23df22340d61c5431a5234b8ab1b1f4abb69194f6ec4b38d05ec60fa64c53dc55e18aadef137

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UFKM38TD.txt
    MD5: 9f460b7fefffe36d8a4fb4365a8df542
    SHA1: babdae55938970ecaf78a1eb5346e4370db4b8e2
    SHA256: c1300ab812ef1b0075ce1e4e047c25bf21a87f5346869acaf3585f1998a51abc
    SHA512: e04f4364f2f9f7e1ca352ddaa603b97d80c5171b3b955a9d33775c00639140239c19a4b2fdb2141872eadf580a71dfa7bbe652b2697dc19dff04d91d58052003

  • memory/1476-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp
    Filesize: 8KB