Overview

overview

3

Static

static

3

COMPRO-202...AS.pdf

windows7_x64

1

COMPRO-202...AS.pdf

windows10-2004_x64

1

Analysis

  • max time kernel
    4294359s
  • max time network
    305s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    25-03-2022 00:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    COMPRO-2022-PDF-HTJASDFI12Q4398ASDJ2143ASDJFFAS.pdf

  • Size

    120KB

  • MD5

    0e852e01a2da3b1c934a2e606865e743

  • SHA1

    3979f1ee2ad19344f4f318b851339ca406064644

  • SHA256

    a3d67b6da7f0e2d48b71c2129576c35595a352a423274224bb2dbc7ac1328c34

  • SHA512

    676acea48eeae07bc7175761acdb9ec0662668d0f48e9338473f81916448ce0d6e8071fd839bc945bd99eb10efb678ec5352a7630a399e95c48059101f7f7f54

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\COMPRO-2022-PDF-HTJASDFI12Q4398ASDJ2143ASDJFFAS.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://comprobante.mx.clickmetertracking.com/compro-pdf-5hkyt4
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:856

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    42b77016aac1c248981351d25781e867

    SHA1

    ab880bb0be50de5d68056c8ac0575281a7705d89

    SHA256

    8e8109a855c2ddec4d63ff565ec818cc9ba96bca511cc8fc25e00047d358aea5

    SHA512

    4acd3d1155900830cfd44f44cd8a36a4f23c5be38a8e0057a73ec0a95b802982a6d2d02f2b053484d8ce7dae9c8371bfaf863f680e8292c625d52a55be8c700e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_25C1C17E3D961AC8ED4EF9DAC6C8BB23
    MD5

    5480b1e6db2c58ee73e10966337933c4

    SHA1

    48bb78a8d5f77179ff52031d0dd95002c8e26ffb

    SHA256

    b297f975ba01cf538f0f303b2a5899547d603bb61fd9a43fb6797a685f692fb0

    SHA512

    e37d53912ca1c9995747a72115dc6389577836c9fc9cfe81b9b35fec3b38a93aa9da9b0393c9c7c3e4a0e80d780672f90269839255430c38fb62cdbad734b049

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C92D2665148840E382E6396933FECA4
    MD5

    a48e6d45d5c9faed0c1b0b5f2777ab0a

    SHA1

    4b24d9e1c291e7a8a2bc995e3f36917a623c7fde

    SHA256

    b69eca27a62f5034311014c93f67d06b07fff5d965a32e6ce46d34d31b33ece6

    SHA512

    20fedc427672f611fda78638fc3028f16ab03fa9501d69d115b50dbf1d91f1ff089f8642d39ec9b3757d86365d44101e535bdd5fe826eda0f4fddebcc96c02de

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_FFD469A65FB3472DC413D6BEC866E0A1
    MD5

    1e20e24bff5e0a17e2182cdb22d2ab82

    SHA1

    d9e0b9c7aa628186a78c738205b0d8e65f88eaaa

    SHA256

    b09d05c43ffcfc7bebb91f609f5921ed431309dce4d72407ce36b9be11405ab4

    SHA512

    4d9e4934280af6271824c8992abf16badfc58cc619b79ce3099e6ded7f4f22c5439687758bc7bfe4bce81b065bac53e04adce743e5f93d55e2b9f6b4fd316bc8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    64e9b8bb98e2303717538ce259bec57d

    SHA1

    2b07bf8e0d831da42760c54feff484635009c172

    SHA256

    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

    SHA512

    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_21E25A25DA895F472C2CECC68F6908D9
    MD5

    09971788fc790f584eaab0a0c9bb66be

    SHA1

    afa6e36db244bdb23f511edc3b2ca7cfaeca636e

    SHA256

    99e7145799d67afad66cadcb98cf494af4e004e5886757f11883f484505b08e1

    SHA512

    06f024186716be872964bb2da5eac583b892dd96a3e01cc888ef8e04eb4df2205501a632559feb5ca78e7cd55ab2b3054c112df59f43b56f30816908423d0fc9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_946D9864B4F1FD10771D10327B5724D7
    MD5

    e6ec4cc059484ec46420f6ebd960c093

    SHA1

    9d2b6664859e5352930d367aec23cae22d7bd814

    SHA256

    c05e4814cb3a25f7ebfa6071b63eefeb3a4510d7bfc38c2547c0b0e027b2e04d

    SHA512

    0195b4a1df9a6a9e272f8546f46a753d3d137009c16637ac639f67218a7d712ec527afcfb7a734b662c456d609feb50e41787895d42f2966a6b6d953daaeee0b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_B48F4685F62B1CC9382362DB04B7F8F1
    MD5

    fac38d50c30310accf960e3f99bf57c0

    SHA1

    0c5494c92d157c9b4296d359802ed1c2e3290179

    SHA256

    422f4e0ad801fb38a1baf1fb9cdde0b0abb5045972abea465ae884c08bf9933b

    SHA512

    962850d6e89bbc484afedc39d2da61c4317f2958342269ed59abb03fd78e1ac0117a95e7b1529807cf345682230a4293027382671904237182cc5d44541de748

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    MD5

    2d200d2bdc53274ae27f1c9c645c9678

    SHA1

    32a5010ef3050c117b50160888d09aa478dfbe18

    SHA256

    75ed3384e207f258fcec0801a4da49edd61607687d7be129668e71e1e593f28f

    SHA512

    1b5ac9084681ffc4f93673eb8b946647bc0799e749100394920b2c98c997eb8f96a99bf80ef9c75cb99f135d8b79f3acb97ceaa86c900dabc9b58a16f8459b9b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    f5596af6402efd836377484b27351e7c

    SHA1

    05727d82e2ecf37f6b21b46a567a638734d1ab18

    SHA256

    95ec6bba4c66476d8fe87e3165709c259228bea33588d9b8ca487bef0e832fcd

    SHA512

    257587d78b8d3d8e11484ebd0d718e73581b7c611f29301d6ce04149ad3d6a27c43608e133017de3ef57d39d08d8a2b5c7bfbb51345a633fa7a366c06695833d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    f5596af6402efd836377484b27351e7c

    SHA1

    05727d82e2ecf37f6b21b46a567a638734d1ab18

    SHA256

    95ec6bba4c66476d8fe87e3165709c259228bea33588d9b8ca487bef0e832fcd

    SHA512

    257587d78b8d3d8e11484ebd0d718e73581b7c611f29301d6ce04149ad3d6a27c43608e133017de3ef57d39d08d8a2b5c7bfbb51345a633fa7a366c06695833d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_25C1C17E3D961AC8ED4EF9DAC6C8BB23
    MD5

    21718af477334ff007482073150f3d36

    SHA1

    008cf0f869b5d1a0dc4222a8e833980bad4e9170

    SHA256

    0d2e7e4d253b9372730491a96d5a43c8c1bc079f6a17d1d74520c536ae29218d

    SHA512

    8d79f1739f6b1772a34c510d75b1d01502ecd7447568552eb4b2dc942e60f75f63c6d0fec9090a7810ef0e0c8728bc6518123d5aa905e5fd4d26435fccf0cbd9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C92D2665148840E382E6396933FECA4
    MD5

    0267e6b99453d1c1e0ea84e8304507d2

    SHA1

    4cca550200de5f9d539f36abab4dcc1b98b7b80d

    SHA256

    97e5df4baa315cd86675cf798b3ff0bab0957485e815c7db51fcc80e044aa47d

    SHA512

    758e32275382fe7b6a00c01b78bb3efcd752f8efa81cbcec69ac8a3656964488fb5425d883e1f00c9a90d715f56527ce980a13907817dafeb7227e6e24fbe063

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_FFD469A65FB3472DC413D6BEC866E0A1
    MD5

    39133c718036ad4876a16731cfceeed4

    SHA1

    36408ae32c5627a1a8dfb48b3a3e4b5117a9a0ad

    SHA256

    73a7e0da8c9d6a5fb419bbc30f834454b45855a1a7836dced717b427161304f6

    SHA512

    dc3a3a0a8c534904c09dfac968f78ed0c0b7df40642ac3b6866d37a841bcaf8e22eb0cfea9136922d8417eaafac3efd389477e9af2a7c8041bdeb381935b4fec

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    MD5

    82a372ce7c87d232ade0f3e9a155b106

    SHA1

    f14749145f6fe86cadbf3d9d8d2dbbdfc35caaf0

    SHA256

    e8057541b0e0840633893df01d99aa97c7cfca15cdc7ae196d1bf1103f1c58a1

    SHA512

    f2348a9b9675d39811fda55035ee35eca7287c52a90d75b026f1dc8a0daf12ad8f0602dbb98b6baf5611f209c6106d51a0e72e50dd3f346abd445d7d3222cddd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_21E25A25DA895F472C2CECC68F6908D9
    MD5

    c1753c0f0fec43f8ce94293f278283fe

    SHA1

    733175fb8156c39608cc96d1a1474fa98fb6a6fa

    SHA256

    30918f5c573968942acd19497b6d63bc0900142687120493f92b3802a1e3176b

    SHA512

    d014c40726629284543a57a761f0fe61fbc5e5fab462872e73e38627afe2eb05416cf631fb991d0361e50fb9ec010228a666714972666ba771605dac24a05dea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_946D9864B4F1FD10771D10327B5724D7
    MD5

    98bbf3cf8e8c80347e15e496d55967b1

    SHA1

    e7114f8e14f8a1b66b0f7474ac22e36deabf75e5

    SHA256

    3d3561340c11d3c37c751382b7edfd7771ece4ec6fcbc2da320e2e1bd82b78b1

    SHA512

    fa852b23848e91826dbe5cdaddc26c4ebe2d84a361e4b27c8d9cf99c514d539fb318df321bf561fff05fa6c59e6cf99d2adb3cd568e698bf6141eaa94041da29

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_B48F4685F62B1CC9382362DB04B7F8F1
    MD5

    60d59ca28aa286efeffcafc85645ffdc

    SHA1

    7f3a3730492b8728f174444d2d30e6500c47332b

    SHA256

    4c20c7cd891e69ecf24a8d0755b0ee40eaaa865c5a4f804d1dfbcaef146ad1f6

    SHA512

    472dda1067751ee01eb2e5a327d7860b12d1f18a615984ee9fe871caf3f1d08f5436dd1e1d3e8d2511184db1b68731c4b66fc013103871b4bf0028d9bc6407a7

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FDAA8890-ABDB-11EC-913C-DA7F80344C58}.dat
    MD5

    997c582e865492ab113f55ada29fd429

    SHA1

    83abd7cf93975573ab4751893722d632e03d0be8

    SHA256

    5ef63350e715a86d8f45b7d752b7931013c2d9da3129b4c2c3b2793f246f3a0c

    SHA512

    b3ffc933388c5e8071d98ea0dd12fa805cbc566612a65b3cd71c7e201658914530c86862a959c4efef11dc2702f38490083aa0c0de66b5bacfcb7e532e1c1240

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w8w9llr\imagestore.dat
    MD5

    25f11cd0a2acbb5a4a0dc3a6f85b674b

    SHA1

    16780b15d8bc3ff69db94fbae43ce1882f0a0204

    SHA256

    ba097ca1501a35d3141954c3d15910cc632fb7d46a87a8b8dc8b68f17b0a38dc

    SHA512

    583fb01f0c63580effbcc133a76e1d6f466444c84245612b06a024e22b7fa1c456bd4814ac79ddf453c9ee38d82765b240c1fbf7fd7a78b919ddd6c94333facc

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w8w9llr\imagestore.dat
    MD5

    25f11cd0a2acbb5a4a0dc3a6f85b674b

    SHA1

    16780b15d8bc3ff69db94fbae43ce1882f0a0204

    SHA256

    ba097ca1501a35d3141954c3d15910cc632fb7d46a87a8b8dc8b68f17b0a38dc

    SHA512

    583fb01f0c63580effbcc133a76e1d6f466444c84245612b06a024e22b7fa1c456bd4814ac79ddf453c9ee38d82765b240c1fbf7fd7a78b919ddd6c94333facc

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K4MZLV1\4UabrENHsxJlGDuGo1OIlLU94YtzCwA[1].woff
    MD5

    142cad8531b3c073b7a3ca9c5d6a1422

    SHA1

    a33b906ecf28d62efe4941521fda567c2b417e4e

    SHA256

    f8f2046a2847f22383616cf8a53620e6cecdd29cf2b6044a72688c11370b2ff8

    SHA512

    ed9c3eebe1807447529b7e45b4ace3f0890c45695ba04cccb8a83c3063c033b4b52fa62b0621c06ea781bbea20bc004e83d82c42f04bb68fd6314945339df24a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0K4MZLV1\KFOmCnqEu92Fr1Mu4mxM[1].woff
    MD5

    bafb105baeb22d965c70fe52ba6b49d9

    SHA1

    934014cc9bbe5883542be756b3146c05844b254f

    SHA256

    1570f866bf6eae82041e407280894a86ad2b8b275e01908ae156914dc693a4ed

    SHA512

    85a91773b0283e3b2400c773527542228478cc1b9e8ad8ea62435d705e98702a40bedf26cb5b0900dd8fecc79f802b8c1839184e787d9416886dbc73dff22a64

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\07X3YUTW.txt
    MD5

    d6bafaee1735d2591225cc42fa1941b3

    SHA1

    e4b5eeae74da622da8c306d4873cae0b8acbea40

    SHA256

    79e1a2c4db3fce980a3f5604f104ba52d029e07491c4e3533d88544140d12e53

    SHA512

    72b23d9dccb7d9049ce636bb4c77fe3f4ef853247b9590ca5ca183481eab57aa1f0cef39031e632f111a17000fec58f4f38a7c6b122836d22bd42ee34befdb99

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0HDXXAYP.txt
    MD5

    6c8d9cc656fd68b2680d2a65fe9e6166

    SHA1

    8a27459fcb23e1802db3ddd08f6008f5ee32a8d4

    SHA256

    ebb9dd14869ba9ed11c484b03ede4f667516122366cc9d34d2348ff8e226c4ac

    SHA512

    a87e740462e90a2f5178623016962e77873cbbefa3ec43d1662faec7a9bb67683c52ce324a5eb21cc8b10176456f4f20faf9c694909c45e01680e1db76940255

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3JYE17K7.txt
    MD5

    f5af728fb0493dbece3b24740879eab5

    SHA1

    6de9b1fcd780410108f0f76d51935b241f5e08db

    SHA256

    61d9a08b6535cd40a7028776e572d1cab5754a32a32a07e28958aea843284c9f

    SHA512

    2070cf02a8ec7919b61572e13e13922be3847eded3e25f2e5774326f2cd3fc47cc28e475b69e23dafef5d6524b0b1c550231fbe62af6faabc7e3fc93ec145c33

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YX7J0X5H.txt
    MD5

    93ba03d56921397d88a6609c99266dd3

    SHA1

    7fbbe0469f83c3b63bec5d5e4c9d407742ee4b89

    SHA256

    dfd63332d95215f20da9e7504ab8f903bc463a66fe29eb5124c21fb70b174768

    SHA512

    ef160305fafa0e2523d1544fb643a84aafd552a6740350f8e2ad3ba5150866e875eeedc9bb5d5fb691db7ac6c11fd78d01f07b36e77262a2fe25ae72cc87fe5b

    Download Submit
  • memory/1428-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp
    Filesize

    8KB

    Download