Overview

overview

3

Static

static

3

y25b13h7zd9..pdf

windows7_x64

1

y25b13h7zd9..pdf

windows10-2004_x64

1

Analysis

  • max time kernel
    4294211s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    13-04-2022 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    y25b13h7zd9..pdf

  • Size

    146KB

  • MD5

    89e948ecffb86820c83af0bbdd334386

  • SHA1

    5c7cdbe741a4cee6b3ce41d49afd1b6907f09484

  • SHA256

    79271eecf576e09e248d66b5e07f26f0a13e061fafbf3fa51c52c6688e0ee46e

  • SHA512

    4546ff7bb04ef97a18053f87e6184fdc8bc1cfa2c301901af46f24844af26454b47be4e3dbadaa50ad3c2fdc0d1a34d2996460854e8545a38321cbd71f0dd578

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\y25b13h7zd9..pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://bit.ly/3je4mCR
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:432
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1660

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64eb9ce803e39d4e3f607b088f82d059

    SHA1

    cb234663e563c1a4bba71797bc71494f5c841783

    SHA256

    58626bdffba52d62802672dab16f04fb53ceb86f84b983d539fc5cf90325f655

    SHA512

    05c80fdeaeaac59f2e0b86ff73925893bb01e4cbf98403d65367b38938c9faeb78951fe539fd0b1020f6cabdc08357f55f61765f7695656bfb9a664220d20e04

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    183759a230f4cc37bd42d766d03968b7

    SHA1

    ddc42a89dfea3e9daf06678d4bd97f6a6adc3c66

    SHA256

    d8feb3f4f2841f5f3d4fb22bf777b6f9b664eee79ddf928317166584b80a62b1

    SHA512

    a7a91cf9fd12fd60594f0e2f938d7e6e3cd563a269c22ee1b9485b501a60702b57da9f3379de3f41a034d858761a1e45c38286d5393c3820f7b29417a0f45604

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    4d964ec1786a57b419145d272698a82d

    SHA1

    66ed8358f2f57eabed5a9c3d4ffdd85604d1cf7f

    SHA256

    994b42eb50e96097170b1067c4118d7f54d043975baaec4bff2ce3ddc9434cb4

    SHA512

    10a0e179ab20422afc22539977e6b29a1a9e836392c1ef85318fbb20ee9f4ce68cc7038e97c9011a57499f1440c9113ac56159cd760e96cf87dafa87eeaa0a42

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GZ5RLT49.txt
    Filesize

    608B

    MD5

    9326a71a9f6fee5ec9dd8901724d20b5

    SHA1

    c2e56191106c87fd54473c93764f789d0781db86

    SHA256

    03f17c1d06ba0d8204c663105ab6dd4819e57ac073bdbd16198296fcd66412ed

    SHA512

    bbc5e1815038dbdc6f3d4cb64e1746524bc92d8dbca2b180f8d31efeac892bc6cdca80212cada0046d2e179a292bea1c66191fd83e2ee48e6b10b0e9c1166d5b

    Download Submit
  • memory/964-54-0x00000000755A1000-0x00000000755A3000-memory.dmp
    Filesize

    8KB

    Download