Overview

overview

4

Static

static

3

Deuda_Pendiente.pdf

windows7_x64

1

Deuda_Pendiente.pdf

windows10-2004_x64

4

Analysis

  • max time kernel
    4294200s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    18-03-2022 21:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Deuda_Pendiente.pdf

  • Size

    38KB

  • MD5

    f24013302c99b27bf4bb4929de808f46

  • SHA1

    5816c6e9d39aa7d4871d8b50a19457c3089899bc

  • SHA256

    bd6a7d7eb475c40c163eb9ade7adcf74a7c444c051a14614b18acad07966a951

  • SHA512

    12c71d36b4d3b89edcb77f7b0361bee910779949bb2e0bf7f30498d6196b9f5e2b6df9d4f24fc312cd7fe42da7437acea4a1520506cfd96421e8053d9b1e6c73

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Deuda_Pendiente.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://factura.webredirect.org/jhsfdre5343dfsfdvgdfsdrejshdnvfesdcf444.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:824
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:824 CREDAT:275459 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1544
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://factura.webredirect.org/jhsfdre5343dfsfdvgdfsdrejshdnvfesdcf444.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1204
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1204 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1792

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    1edf6412220b9da2a9d5ac13e9605658

    SHA1

    1b05cb07973511a8163affdf074f1def7cde9f28

    SHA256

    ae93563bdc0361b8f5e313934cb6606d729e3dc8369a76f3ab200daea60a8361

    SHA512

    0bbc89bf2b1a0b501e004b0988cc1f200217bba7904353ce8720b45c815d30c5d76c755dae13a55b048a9ce3f16dfedd9709250578a05d2246e675cafbfa4a6d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_4A0A3573ED12B711B8F2EB1B74DBA035
    MD5

    48518c4e454c861c565b7688de14d75c

    SHA1

    8dadd6ea437c0496d7d66c089976791084b7f8d4

    SHA256

    8431f2146618b7291e74746533ba4b75390f752d9ef178135f197958e77296a6

    SHA512

    e5264878b506ad1f29d820b5a4cd9a052a94046a222ffdb975c0fe30135e58a004355f2c9164ce431fb4d475687f5cc8688a2721be4da681303774526ca4a144

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C92D2665148840E382E6396933FECA4
    MD5

    c70d02a8bfc30b670344e64a022d5aea

    SHA1

    2c530472ff600ea4b56b82b8da5f2d6fa5334955

    SHA256

    3d1f5203d241c6fe6fc50562c21203ddd7418a7aecaecd99935dad9f7abd0dfe

    SHA512

    d6acba24e1726ee47f89553493e1895f570989d5f48ce0fafbdfa7c82f80351b1357688115b4aa7d215ebc40dbf6bf43104f8129bdb9b5bad3e2ba6fab015742

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_946D9864B4F1FD10771D10327B5724D7
    MD5

    ba9e44cb1a68f41f1381a20cce5b95c7

    SHA1

    da110e8fba3d63543b6f6824720f593e2348fcb6

    SHA256

    0512c42ab6853705912811151e6aebb765727d145113767a55d237431b703473

    SHA512

    13be736e0b615af79e41d918260e34aa9a8522ef6edb927044e77e509a1d1eac62a60c96b22c80971cd27d547e300beb2c705cf6ae1a3b5c9eb6074321f32aa0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    1630d8d66557158072e88d628a8a1c65

    SHA1

    ebb838f7b44b9010a9b51295dde9728b12965311

    SHA256

    9d3865b4b046ba722990b4461845db00b7ed1ca5390229c23d5b39614f19e59f

    SHA512

    dd2c321186eb392462012abaece1db89404870f08292971ee68e52e8410fdcf43d2859849aff50e58990600a6b1334d71b7470e5a7f36be1f5093073f68c8d5d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_4A0A3573ED12B711B8F2EB1B74DBA035
    MD5

    2a6a085dfda265cd56d5855b6fc124f4

    SHA1

    c4b55aff94009f35820ca11d40d080cd6e342be9

    SHA256

    00e03bced807d08574ed0fd55e10bafda5290a360c12196aafe006a70192b63f

    SHA512

    187ca71edc001951112fec33530e5d61f021f1fbb570f5be0140a2c3c605613de2900dd2b1305d5c87c979e1db4170ab4b869f0a3101850481e6fe20427a9620

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    52e5f0e60643d9accfd95ac842c3bf2e

    SHA1

    04d984be428fb61dec56faf3a1c8e8d33a5ac282

    SHA256

    8a48958f4bd93481c96cc22b8850120cd09459bb6ee47008fe8645eebb99191c

    SHA512

    e32043e7ce38c42611e8affc5c6533fd403fa784e84181b6f948bcb6d3246b3debe6ecbd825bf81f0c81110c2b803d5bf6e3333d064fe343a58e2b5aa5817c1b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C92D2665148840E382E6396933FECA4
    MD5

    002e60749a2f757d10bcecda4cc67b61

    SHA1

    71a2a81386bae0999c84e0a2da89d4c2b51745b8

    SHA256

    4108350793ece4d4ebc52aee059c6d7fb1c90bbed5439547b5c167970121f5e4

    SHA512

    4fcd9f7e4daba222020ac6446aaa36be7eb14f85c8bee7a14b4c5a363b8d714eda1b796c738c85747b84ee98b1f4a298332b7c0c007d265dfc5e06d9867e48e0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C92D2665148840E382E6396933FECA4
    MD5

    002e60749a2f757d10bcecda4cc67b61

    SHA1

    71a2a81386bae0999c84e0a2da89d4c2b51745b8

    SHA256

    4108350793ece4d4ebc52aee059c6d7fb1c90bbed5439547b5c167970121f5e4

    SHA512

    4fcd9f7e4daba222020ac6446aaa36be7eb14f85c8bee7a14b4c5a363b8d714eda1b796c738c85747b84ee98b1f4a298332b7c0c007d265dfc5e06d9867e48e0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    b2780cbfc24abc94f279d04ef5a83ff4

    SHA1

    c250e2009aa1d6f59b0e50fbbf17e6aff30f49ae

    SHA256

    1a620544ab7bdde2ca56ea989b3c7124a68d6f9c946c7a67f021d2e5b0ee71de

    SHA512

    ede782b09d49dc2c237b4f5cb98baa41ddd8085339cf19d0b21cac9f10eed27f1b859ee4b314afaa809cf0eef1041320005f0bad5b3d57f696f502541a4de3d0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_946D9864B4F1FD10771D10327B5724D7
    MD5

    b3c2bcdcbdd28aa3f36eeec8372621cf

    SHA1

    eb359e489c56b299ea8d5b77da225dc025335d27

    SHA256

    10ff1ca1b264cdb8aa557ad2f4b65bf3e3e678e388d641c35bb891597c9129d6

    SHA512

    4ad3bbce8fbba82aa515abf781dd043c5088a37649fde7db213753df6d215ca7a51263f6a12150e6c96afacb29e79fd7b794aaf7551238e451fc50743263160d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F9A527C1-A70B-11EC-8E7E-FAF2E7F65BB8}.dat
    MD5

    ce69446d19d4e6e4bb24ed09d88bbc98

    SHA1

    3c00801cea1a040cb40684bb20f6aa2c49e2544f

    SHA256

    ee142327b2a0673825a758479b47e6253a9896efba89fdb7288bcf0307c01d45

    SHA512

    88656d43d0f5a8e1bd603b2295fb6897e281f8ad29ab0e05097f81725eedd36b583d20d5e9d4112c3e7d35ff1b652496decb68d4d0edab4d06fc56d549263dc6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FAFE4F21-A70B-11EC-8E7E-FAF2E7F65BB8}.dat
    MD5

    199696d52b5958214caebb6381e4798c

    SHA1

    b74a8614ac95c30ed3f56ed02115a1b63523c568

    SHA256

    fd972a969d2fad0004cce0ff3c089d1b4a35666a32aa57714f208b9f7216578a

    SHA512

    8cd41d345713b82983d51c89cd9c0dd6630a5a363f52f3b76689412a0d0d5fa4a88143cfb7d027f3360c0bfb859bf7259492b24850e5c9c27921830c4a2db934

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w8w9llr\imagestore.dat
    MD5

    cb55a66ce9eec7666a84df8c086c3491

    SHA1

    6290bb4cde30252719a5036619d6bd1d809e9b75

    SHA256

    beaa4b3dbd0d209a6737ad015cc4838b4e6358f170b746db6911853eab51fd7e

    SHA512

    22cf6490058ca60398a98432a2c5b4278b4a5ed61d5182be241d06427db53bc9c2a4c93076a81b23c824dee32b9b19e78e03d3af54dfcee2d078ed14381618fe

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w8w9llr\imagestore.dat
    MD5

    cb55a66ce9eec7666a84df8c086c3491

    SHA1

    6290bb4cde30252719a5036619d6bd1d809e9b75

    SHA256

    beaa4b3dbd0d209a6737ad015cc4838b4e6358f170b746db6911853eab51fd7e

    SHA512

    22cf6490058ca60398a98432a2c5b4278b4a5ed61d5182be241d06427db53bc9c2a4c93076a81b23c824dee32b9b19e78e03d3af54dfcee2d078ed14381618fe

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSWDV11G\cb=gapi[1].js
    MD5

    8b3232497b1f7d6ef9de09de2d9d2ba2

    SHA1

    71ceeb9891350f713b6a65d6b024255fad6532ce

    SHA256

    76c5142121c196c5c9f0ad23751d0006a854646200acbf3adc62faffd06e65b4

    SHA512

    fceb36a45a0353af0b1d5189a652e515850fda007a0c482cb36f75da393eb807a08c32e39dbc0218ca903443a14743d1e213d9fbed2c250e288b818ed8064922

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSWDV11G\favicon[1].ico
    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\27LAAOP3.txt
    MD5

    7def948b9af94fe93b5c7b540462370e

    SHA1

    4082e1c7f3a46ecb5e2e0ad6635f992193d5c85e

    SHA256

    4b633162fc43527f972c7eda929e057ec35dc17021ba325f095249b433ecb941

    SHA512

    c7603367ccc3afb852bbd5b741403ad0ab28e0ae40e351d90fb8e6b04bae78d33dfc54676e78e6ea110e380f3eeb5e3659c20c0febde600905264ed796045b4f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\89IS1Z06.txt
    MD5

    30f8dafd4603aac158edcf6f121da81d

    SHA1

    7a0b30aee28dc9d105df48a948c8a85b01ab0706

    SHA256

    00bbd8121245c950b44774e278e29feed8a575e818fc2dd9dc51454f3833710a

    SHA512

    c5707f898e32c2ba8ecbc40d0c88d6be85239f310eecd972291d8a1216ef2f00aebd34656ee39073fee511e76d6ba72495a366b9afa8c61e260104c67822f851

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9K99V42S.txt
    MD5

    a25f6260ca4ad0cd8eac3ca4c666cfe0

    SHA1

    f2df4113217c96e56eb719fc2d38f464c0fe5a0e

    SHA256

    a33b65d65792bc5badd029ea2476a37c24baac69b7237434ec04531a89fc940b

    SHA512

    9f30bae462bb83ce68201fbe2f13b020400735450f04a78142c81e530865c9500cde407d4042c296a93d9d7923f44cee878da5ae41d2b07987fc5549579e6c6a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\A2L94G0S.txt
    MD5

    359ef3d6b8b73fc3eb19f425c7a16d06

    SHA1

    b2bb7e34ba1124a76acf0b67893517b1298de313

    SHA256

    e5e144ce6c18ce15471beff5885e1bc05b3b9a91385ec4ee9aa15b73deada1ab

    SHA512

    807273a367ba502921daf3cfafeda9a1d83a950b3b164105f54af0bb6f151b0a6e36dc343bc0fc587f18be243777b83d0a3908acd2b7a2e5998e0a546d18b99c

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C942NTNJ.txt
    MD5

    8f7d50f8c27bdfc15306aed7a7585198

    SHA1

    f38d36f154a94ab8a6eb35ab04a5dc4a179b39a9

    SHA256

    227f33056538b87ff6e60edb8b399d81c39afd107c3309d292fe2da736acaf15

    SHA512

    189bec89f0298d6065d3b62faa08949175e42434a5c2869882fc82c90b0ab7934878627a69e6ee5fd7d1385af0de996a4e6c95c2533ad991a118f472f5e5f9a8

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HBCU7944.txt
    MD5

    71c3f8540bf3cc7dc38e2c1962be67dc

    SHA1

    cd31540423b9d107098e5ca6fa0e6d2344e9088b

    SHA256

    4b60158a242f1c58434823223ea40f759c404345ec00dcafb7f83c9111b8f33b

    SHA512

    9d084e8d42a649f4c4a4184ddacadb20c2fcfb93bf79864c55ce26205045f5fedfefd8a358f8fa7dd589c8e0246c4c38afc1f49c4ce4d469c5a8918c271580a6

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IGDXZWO1.txt
    MD5

    e6a48070b47d88a5e028c47629568d8d

    SHA1

    475ed08b9f687f02b2680481726c475ddf04e96d

    SHA256

    2dac57eb8caeb13628cc18353fb6a509c4ae46040e799ab4fe168384fd564ea4

    SHA512

    c26b40c31435a16ad337939e30ee2261b4bfed984e7cf2ab134c1ee29d32f0f1ec3e1ebd739a96b982ba37d370b4c0fedffa6200db399bc04ad937e53fe4c023

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N41QRCGK.txt
    MD5

    90fae5432687694a6d8578ab64760c91

    SHA1

    6b13cf0aa78abb6a068b98477e71f211d5a91516

    SHA256

    beed7dc1e7c456d9daf60f82093e95621b11a327e1d696ac0e912f2dbc06a3eb

    SHA512

    0c2be207667f719d5f90c01005abf5c1c77659f61fc48e2f1ebcdbee283aeb9a99074ea117893e33616328c638b49b1c5d1f86fd15140b44b4aeb5f7f9ef4f13

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\P0O1K7ZV.txt
    MD5

    098be4234395ba92a4117ea60fa79353

    SHA1

    de5c9b47d28330aec4164a01899e0b2f09f97108

    SHA256

    9ef237fcf8bdfecc22af3734e47e8279fb2e3d1365ed310215849f6e3703211b

    SHA512

    e5446152ba41dc9e1971ad74fa6187feb22a27aa9f624cd7b7b97e65f56a2ad067f877bc410019dffb280763edd825ad8861d821056af700189ed2a800ead5a7

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\XNM3OH20.txt
    MD5

    4d566b41b189bf4099cf44b3a9a72d49

    SHA1

    a5c307c4e9dacd968049a5e008c657e7d722fc9c

    SHA256

    3e9aeda39c3e1b30316019a89da3ba49a9ba3fb45ff30bdbce08370c3328f853

    SHA512

    2075d267dbb1158c1265948884b7aecb65e6b913117ec84984080fe65d1907470ab24de2c3f1fe6f3896ad87215a8445a7c10cdbd382c8279383a7e2c0fe7077

    Download Submit
  • memory/1836-54-0x0000000074F21000-0x0000000074F23000-memory.dmp
    Filesize

    8KB

    Download