Analysis

  • max time kernel
    4294178s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    01-03-2022 13:09

General

  • Target
    Users/amcdonald/AppData/Local/Microsoft/Edge/User Data/Default/Cache/Cache_Data/f_00022c.pdf
  • Size
    42KB
  • MD5
    0f9228a81588ecebb0f681b8054e8954
  • SHA1
    b3f9ca5efeb1dd745c928bab2127207fd63cf734
  • SHA256
    047bfedab5b146d47bc02f00e4e35ae9dc6c39b71de37b9ccef1579cad45953f
  • SHA512
    928a61a0a1f872ce76a1757c7b0e1e6c5034293a5a2501129b10a270ca7a12074ccf97bd93adc08c5451206c4bb49fd9cd5a2a53a2fb89f38df71c473ebcf2ec

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Users\amcdonald\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00022c.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://gettraff.ru/wb?keyword=accord%20business%20income%20worksheet
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1120
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1120 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:724

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5: 637481df32351129e60560d5a5c100b5
    SHA1: a46aee6e5a4a4893fba5806bcc14fc7fb3ce80ae
    SHA256: 1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052
    SHA512: 604bfd0a78a57dfddd45872803501ad89491e37e89e0778b0f13644fa9164ff509955a57469dfdd65a05bbedaf0acb669f68430e84800d17efe7d360a70569e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5: afe42bce48ba4364260ae31221814bcc
    SHA1: cf706660f8570614dcaf4770153140681445085f
    SHA256: 8e6d67d980eb8e9c3fcd78e0e9e8d1dcbc94acb583319b756eb2e4369ef30138
    SHA512: 0664b3d29387c18b1c40391465ecf1f7b93fc2fac5a4b4f189f96ef1785bf66baaf7f2c14db84a6652601f67875c5ee065f8beaf8230a21d451423218fbb0c36

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LXR2UH9W.txt
    MD5: ab48fba819dd10e05d50866c19983e96
    SHA1: e547904acb88f818e1be070641c459d28518d411
    SHA256: ba124765a55f14dac40a05df00666d3a8adca943b1472e4cd628a7b4fbd85ddf
    SHA512: 73032231f09730a844d7c9ce186f343b58cdf912481c7c1aa73eaa601536331a2bbbbbc75727ac7ac30b53cbf141ee8b25c132874d00c8fc9085934c3a077e12

  • memory/1788-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp
    Filesize: 8KB