Analysis

  • max time kernel
    40s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    14-04-2022 19:35

General

  • Target

    ATTENTION.pdf

  • Size

    97KB

  • MD5

    80a193c746cfe32e716da5279a9cb94f

  • SHA1

    f1d83ade53a86ed282f006975af87a761d68bfc3

  • SHA256

    da2a64bc467f573c33df045c8b9bff63c89e220e4aa4de19b2b2c551bfbcdb63

  • SHA512

    1ed536425c3b10b84bd2e01e7b6f93800237902535641338fc28136ecec06484985f8fbe40a8b6bb5cd5a6c5302111ea813d1746ec0c722f1be63b832e000a04

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ATTENTION.pdf"
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
      "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]"
      • Modifies Internet Explorer settings
      • Suspicious behavior: AddClipboardFormatListener
      PID:1792

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 1

Downloads

  • memory/1276-54-0x0000000075A61000-0x0000000075A63000-memory.dmp
    Filesize

    8KB

  • memory/1792-55-0x0000000000000000-mapping.dmp
  • memory/1792-56-0x00000000707B1000-0x00000000707B3000-memory.dmp
    Filesize

    8KB

  • memory/1792-57-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB