Resubmissions

03-03-2022 17:35

220303-v551nacad2 4

03-03-2022 17:20

220303-vwsnzacab2 3

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    03-03-2022 17:20

General

  • Target

    dda649191ed0536d0b9e588af732fdccf2061543081c2b9cef265fab41cc2711.pdf

  • Size

    441KB

  • MD5

    cb40d2ea518a70294f2efb5dff8841df

  • SHA1

    20a713a751deed2a49b18101f735e63ddabfd403

  • SHA256

    dda649191ed0536d0b9e588af732fdccf2061543081c2b9cef265fab41cc2711

  • SHA512

    6f0fbbbfff8b64c5d7e23541fd281eb25b392e99d53ba016edaf889189d89d2259ff66c042fe50050d0ea051131c815192bf4bdff3fae175acd82492f8e95f7e
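The process tree further down shows Reader handing a URL to Internet Explorer, which is what a /URI action does when it fires from an /OpenAction or a link annotation. That is cheap to look for statically before (or instead of) detonating the file. The scanner below is an added example, not part of this report or of the sandbox, and it runs on a constructed PDF built inline (the example.invalid URL, the /Launch and /JavaScript objects are all made up), not on the sample hashed above. It also inflates FlateDecode streams so that actions hidden in compressed object streams are seen; other filters and encrypted documents are out of scope.

```python
import re
import zlib

# --- Constructed test document (not the sample on this page) ---------------
# Catalog /OpenAction -> /URI action; the page carries a link annotation with a
# /Launch action; a /JavaScript action is hidden in a FlateDecode object stream.
_HIDDEN_OBJ = zlib.compress(b"8 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    + b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    + b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Annots [5 0 R] >> endobj\n"
    + b"4 0 obj << /Type /Action /S /URI /URI (https://example.invalid/landing?utm_term=lure) >> endobj\n"
    + b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 200] /A 6 0 R >> endobj\n"
    + b"6 0 obj << /Type /Action /S /Launch /F (cmd.exe) >> endobj\n"
    + b"7 0 obj << /Type /ObjStm /N 1 /First 0 /Filter /FlateDecode /Length "
    + str(len(_HIDDEN_OBJ)).encode() + b" >>\nstream\n" + _HIDDEN_OBJ + b"\nendstream\nendobj\n"
    + b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Action subtypes that leave the document (open a browser, run a program, run JS, ...).
ACTION_RE = re.compile(rb"/S\s*/(URI|Launch|JavaScript|GoToR|SubmitForm|ImportData)\b")
# Keys that make an action fire without a click: document open, or additional-actions.
TRIGGER_RE = re.compile(rb"/(OpenAction|AA)\b")
# /URI followed by a literal (...) string (with escaped parens) or a hex <...> string.
URI_RE = re.compile(rb"/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)")
# Stream bodies; the lookbehind keeps "endstream" from being read as a new "stream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)


def _pdf_string(raw: bytes) -> str:
    """Decode a PDF literal or hex string to text (Latin-1; no PDFDocEncoding table)."""
    if raw.startswith(b"<"):
        digits = re.sub(rb"\s+", b"", raw[1:-1])
        if len(digits) % 2:            # PDF pads a trailing odd digit with 0
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii")).decode("latin-1")
    body = re.sub(rb"\\([()\\])", rb"\1", raw[1:-1])   # unescape \( \) \\
    return body.decode("latin-1")


def _inflated_streams(data: bytes):
    """Yield the decompressed body of every stream that is valid zlib data."""
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the EOL that follows the compressed bytes.
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue            # uncompressed or non-Flate stream: skip


def scan_pdf(data: bytes) -> dict:
    """Collect action types, URI targets and auto-triggers from the file and its streams."""
    views = [data] + list(_inflated_streams(data))
    actions, triggers, uris = set(), set(), []
    for view in views:
        actions.update(m.decode() for m in ACTION_RE.findall(view))
        triggers.update(m.decode() for m in TRIGGER_RE.findall(view))
        for m in URI_RE.finditer(view):
            target = _pdf_string(m.group(1))
            if target not in uris:
                uris.append(target)
    return {"actions": sorted(actions), "auto_triggers": sorted(triggers), "uris": uris}


if __name__ == "__main__":
    for key, value in scan_pdf(SAMPLE_PDF).items():
        print(f"{key}: {value}")
```

A /URI action under /OpenAction is enough to reproduce the Reader-to-browser chain in this report with no user click; a /URI behind a link annotation needs one. Either way the scanner gives you the target URL without opening the file, which is the IOC worth blocking.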

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dda649191ed0536d0b9e588af732fdccf2061543081c2b9cef265fab41cc2711.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://norin.co.za/XSRYdR1H?utm_term=live+sports+tv+apk+android
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:209947 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:868
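The security-relevant fact in this tree is the parent-child relation: AcroRd32.exe (PID 1192) starts iexplore.exe (PID 904) with a URL on its command line, and the two IEXPLORE.EXE children with SCODEF/CREDAT arguments are just the browser's own tab processes. The script below is an added example, not code from the sandbox: it rebuilds that tree from process-creation events constructed here from the report's fields (Sysmon-style pid/ppid/image/cmdline; the parent of AcroRd32.exe is not on the page, so the root's ppid is None), flags a browser launched by a document reader, and pulls out the URL and the document path. The reader and browser image lists beyond AcroRd32.exe and iexplore.exe are my assumptions.

```python
import re
from collections import defaultdict

# --- Constructed events mirroring the tree in this report --------------------
READER = r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\dda649191ed0536d0b9e588af732fdccf2061543081c2b9cef265fab41cc2711.pdf"
URL = "https://norin.co.za/XSRYdR1H?utm_term=live+sports+tv+apk+android"

EVENTS = [
    {"pid": 1192, "ppid": None, "image": READER, "cmdline": f'"{READER}" "{SAMPLE}"'},
    {"pid": 904,  "ppid": 1192, "image": IE64,   "cmdline": f'"{IE64}" {URL}'},
    {"pid": 1672, "ppid": 904,  "image": IE32,   "cmdline": f'"{IE32}" SCODEF:904 CREDAT:275457 /prefetch:2'},
    {"pid": 868,  "ppid": 904,  "image": IE32,   "cmdline": f'"{IE32}" SCODEF:904 CREDAT:209947 /prefetch:2'},
]

# Assumption: which images count as document readers and as browsers. Only
# AcroRd32.exe and iexplore.exe appear on this page; the others are common extras.
READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe"}
BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+")
DOC_RE = re.compile(r'"([^"]+\.(?:pdf|docx?|docm|xlsx?|xlsm|rtf))"', re.IGNORECASE)


def image_name(path: str) -> str:
    """Case-folded file name of an image path, for matching against the sets above."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_reader_browser_launches(events):
    """Return one hit per browser process whose direct parent is a document reader."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        if image_name(parent["image"]) in READERS and image_name(e["image"]) in BROWSERS:
            url = URL_RE.search(e["cmdline"])          # target handed to the browser
            doc = DOC_RE.search(parent["cmdline"])     # document the reader had open
            hits.append({
                "reader_pid": parent["pid"],
                "browser_pid": e["pid"],
                "url": url.group(0) if url else None,
                "document": doc.group(1) if doc else None,
            })
    return hits


def render_tree(events):
    """Depth-first (depth, pid) pairs in the order the report draws the tree."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])
    out = []

    def walk(pid, depth):
        out.append((depth, pid))
        for child in children[pid]:
            walk(child, depth + 1)

    for root in children[None]:
        walk(root, 0)
    return out


if __name__ == "__main__":
    for depth, pid in render_tree(EVENTS):
        print("  " * depth + f"{depth + 1}: PID {pid}")
    for hit in find_reader_browser_launches(EVENTS):
        print(hit)
```

The same selection expressed as a SIEM rule is simply ParentImage ending in \AcroRd32.exe and Image ending in \iexplore.exe with a URL in CommandLine; the tab processes (SCODEF:904) are browser-to-browser and are not flagged. Treat a hit as a triage lead rather than a verdict: a user clicking a legitimate link in a PDF produces exactly this chain, which is why the report scores it 1/10. The files listed under Downloads are the browser's side effects of that visit (CryptnetUrlCache entries written by CryptoAPI during certificate validation, the imagestore cache, cookies), not a payload dropped by the document.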

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    4f32fbcf1ba3917e17be5ce51fd455a5

    SHA1

    af1b7d8bda1825bfa3ee53ffff1ae367d81649da

    SHA256

    2077d2a23ea0311e79acae14f0363173263e23f147046d1f6fe2ef1a8b3bb9db

    SHA512

    1dd0c3c116752120923e7e2980b04acc3f51a3c1e22069f07154169b5149be3d949e43767e56654f230b1ee3a64387d97f5d2b4b6eb38c22cee3c30f238c43d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    637481df32351129e60560d5a5c100b5

    SHA1

    a46aee6e5a4a4893fba5806bcc14fc7fb3ce80ae

    SHA256

    1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052

    SHA512

    604bfd0a78a57dfddd45872803501ad89491e37e89e0778b0f13644fa9164ff509955a57469dfdd65a05bbedaf0acb669f68430e84800d17efe7d360a70569e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
    MD5

    46ccf856fee9264a8af117b32786253a

    SHA1

    53193ce66a47b2315a59da85b5c5214f202974c5

    SHA256

    a9da62f209f977ffe00e50d4965faaabbf223abec50f8e5799bd8f5f44f43669

    SHA512

    b4d509dde77d9cd218705fcd35297b5ce6ff042868770f443b7f1e542b122dc0b3f6466971d06d391da29fe208486c87e220cf693a7cbbed3080582867c317d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    00cd875e4eaf710a80b13c8cf2944dc6

    SHA1

    8b0d1976db49e026f0dd9022b494bcfcdbbf19aa

    SHA256

    9fde7678b944c89d3cd0dba29035438846bf79fb32d2c191c85132557dae9c31

    SHA512

    821a9bb0cd1e5a616125ad34b35c7137b46f1fc6fec7206d0d4a0f98cc9f26b86db7b3780c893681659a15857f2abf07b0d5a4b95b1a9a4644588323010f6133

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    cf9e4066b2ea241b370ee9a9c9668044

    SHA1

    c2d1a01e823ff293896415b3efa25ce046d00fe6

    SHA256

    4ae509f435f0124323084c8e8e260e9821ff90bdbf6471e21c3677d6b2b4b355

    SHA512

    a071f2b50393b5c52a40dade0e9ec919d9a5e8983cd6efb47e8cd1f1e684f2ecc19df45e7354ad2c62925c2afeb4b04f289b4091ac11cf7f6ad566420c78c6b2

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7w612sw\imagestore.dat
    MD5

    315d37097e185e5ae8a89eef57c11565

    SHA1

    2e3b66fd10742a314399da4f339eecbd9e188694

    SHA256

    95fea591197fb8e146406c8b565aa8a5da051960ab82caff9c2fc1ac725698b0

    SHA512

    84e76bbd506040534160185f1c26499aaf7d4b9b3c88860b2eb63322da62d05717369f5df9e385b88bb006c7621e2ef1d4fca25e7784c479f349af8f21d20701

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0WNLGKLR.txt
    MD5

    80b036f7a31b025f9102571fd7157a17

    SHA1

    8388c564fc6e276a74a49fb714a68dbd5be9da47

    SHA256

    02c18377f08d3a1259a535865fd627cdb6cb6c67551263ae3a267dd70fe667fb

    SHA512

    22af520264553a045491d18e8172be79a795a4b6ea254b90f392eb4473514be1f9017ee0156877fd3e421948e172f516538555c7a0412879ad54996d00be89e3

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SGQAZ8Q4.txt
    MD5

    d2a065d8ab1a6e2935521010474db3f3

    SHA1

    c961fc27acf058e2d1cba5f3e52e3edb67fc7ca0

    SHA256

    802c636cbc6ea78e4bd5d933e2f97d472d0955f1d5bf46263a53c694b9eb634d

    SHA512

    37467a50c12797ea8d399328b1b1b225360796e0a6b3a15f2f68b0d32f654b4dfdac51761b4ffa86895940f3abfac7b62f4aa4e0c4ea710e919356bb9cdd12a0

  • memory/1192-55-0x0000000075831000-0x0000000075833000-memory.dmp
    Filesize

    8KB