Resubmissions

16-03-2022 13:06

220316-qccq7aead6 4

16-03-2022 10:43

220316-msa1raagfn 4

16-03-2022 10:37

220316-mnxc7aagcj 4

16-03-2022 09:54

220316-lw79zsadap 10

Analysis

  • max time kernel
    4294234s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    16-03-2022 10:43

General

  • Target
    1a9f775e93356e6d09549721bcab5e5ded27ef7d3a2200cce80b1f89514c8646.pdf
  • Size
    776KB
  • MD5
    8a9f834abf7d6cfb6452ff3102ec998d
  • SHA1
    14e108594294c230a5445b6df54bb8f74a984cdc
  • SHA256
    1a9f775e93356e6d09549721bcab5e5ded27ef7d3a2200cce80b1f89514c8646
  • SHA512
    68671bf392af9f82de5e3d99e7a13f04e82faab6cb980d5371dce5f08c2f85661f5e6d8016ec15e43c323f41fe304ddb7b95ff60fbc99b76c6295858d094bcbb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1a9f775e93356e6d09549721bcab5e5ded27ef7d3a2200cce80b1f89514c8646.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://mega.nz/file/Vm4URBzJ#FY1EJHN4p9g15II8MMv_Oo0xQVrh4Xg4w8zHMi7Poq4
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1580

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\shpg9mq\imagestore.dat
    MD5
    7f724399c7de10560e93dd46b2d91483
    SHA1
    00ec65f57afe975cc525e2a1b8c800b25f8dabfd
    SHA256
    3bf9234b2dfe197631b463d1574e9874f11cec3a1ebd8214533e8411d1a95343
    SHA512
    a429f351b8fe3fc80bc526b33f6e1f6441d8a014ccabfb90663b9f7788891694a62ea0ae5448836a3ed1469132a22a426e02f903fc039aa58787278e8b1215a6

  • memory/572-54-0x0000000075561000-0x0000000075563000-memory.dmp
    Filesize
    8KB