Overview

overview

6

Static

static

3

documento 49711.pdf

windows7_x64

6

documento 49711.pdf

windows10-2004_x64

6

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    06-05-2022 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    documento 49711.pdf

  • Size

    18KB

  • MD5

    cae578660134d034d53f262c54f80740

  • SHA1

    29e8913d82e1d4f3cea1372eb252141760638d92

  • SHA256

    262c6cc05680448a3cc2f1122093635835019cac69a767f6df42e3574fb82cef

  • SHA512

    fc7e5e4def3f37cb4e727b1476fab1d09c13285dcfbf7cb0d9c34e9a258df77078ed23c82cc286da02ba7126fb9b324a5634e7beefbe6023d658c095a54fb30d

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\documento 49711.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:4207618 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1936

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    8ebebbdcf4d1949dba60f27d489b38be

    SHA1

    b303db1230c2f588a8bee53d3ecf84d64f6f9f36

    SHA256

    1590789212a07cf3689918d2821d5701c3a49859ba9b0cd306d2b557508e0989

    SHA512

    17f3d9d02bdd35178ed2b7796e663eb42e681b7aaa0556748fcf0cde3ed7134398e6e851bf239620390fc3c5513a171bbb627592ad02fc5f8e71e98b856f2e11

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    8ebebbdcf4d1949dba60f27d489b38be

    SHA1

    b303db1230c2f588a8bee53d3ecf84d64f6f9f36

    SHA256

    1590789212a07cf3689918d2821d5701c3a49859ba9b0cd306d2b557508e0989

    SHA512

    17f3d9d02bdd35178ed2b7796e663eb42e681b7aaa0556748fcf0cde3ed7134398e6e851bf239620390fc3c5513a171bbb627592ad02fc5f8e71e98b856f2e11

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    5a11c6099b9e5808dfb08c5c9570c92f

    SHA1

    e5dc219641146d1839557973f348037fa589fd18

    SHA256

    91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

    SHA512

    c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    5a11c6099b9e5808dfb08c5c9570c92f

    SHA1

    e5dc219641146d1839557973f348037fa589fd18

    SHA256

    91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

    SHA512

    c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_39F37364327722A8848EC31487943B06
    Filesize

    472B

    MD5

    a5956f4ce6ee12af52715c16c3148dcc

    SHA1

    e2d68b0efd38f5b7dccd9b8ee5bbc8ede705d034

    SHA256

    68cd1d62eb1d28a4093ce6ba27ead503e61faf109497a3305b336a5dd0749b63

    SHA512

    6876fde5a801775f614d37d61a7fba810589c92b9d9bcf7dec300922ec69ae8d3a9737543b79c4a5cbfa3f1b74f94608f3848e9b6bebcf73634d82e6c66fbe21

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_39F37364327722A8848EC31487943B06
    Filesize

    472B

    MD5

    a5956f4ce6ee12af52715c16c3148dcc

    SHA1

    e2d68b0efd38f5b7dccd9b8ee5bbc8ede705d034

    SHA256

    68cd1d62eb1d28a4093ce6ba27ead503e61faf109497a3305b336a5dd0749b63

    SHA512

    6876fde5a801775f614d37d61a7fba810589c92b9d9bcf7dec300922ec69ae8d3a9737543b79c4a5cbfa3f1b74f94608f3848e9b6bebcf73634d82e6c66fbe21

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_D84944C9F3B5533761802CE8D9693246
    Filesize

    471B

    MD5

    d4c11d116190992c290e0b86efcd6807

    SHA1

    031076de5654e0aaafce723154decbd246e5060d

    SHA256

    5a25122c07e1b67623d014f5fae6341bfcba4626e23fc9a9c9cca8665682e9bc

    SHA512

    43ed94f02018c8ee29630fcd8559c37726ab1bd622638bd9cb8430dffb70c349746b48bd40c9f9241138e42479337f8400ba1eba6009fbec96c1a4511a612e33

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    fa6e4b9ecff6c7052ab2464e61761bc5

    SHA1

    87afdd87ef4671bb898c57e2fae1746ec0649ee4

    SHA256

    695cec2f7ecf6a5138777281e291c0d75dfcb6c1dce20e3580159c8fd9a23814

    SHA512

    c1286a93a2ec1a8a7caf054519de322d0a3387c43a9a0db22acef347686a8a5f0f42c877d14dcbaf9efa5184aa9793262e9465488608aa081e72e2b313d40847

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    fa6e4b9ecff6c7052ab2464e61761bc5

    SHA1

    87afdd87ef4671bb898c57e2fae1746ec0649ee4

    SHA256

    695cec2f7ecf6a5138777281e291c0d75dfcb6c1dce20e3580159c8fd9a23814

    SHA512

    c1286a93a2ec1a8a7caf054519de322d0a3387c43a9a0db22acef347686a8a5f0f42c877d14dcbaf9efa5184aa9793262e9465488608aa081e72e2b313d40847

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    ab6d3fcff8dc04f5b5960d4d8c892ece

    SHA1

    0dcd5843b4c658ac338844132fad99093eb6f88f

    SHA256

    170b9ed616ac09ca46e8a3b9479bf87759489be1dad1a17b0a7513ed44e44c54

    SHA512

    ee363f6bbedec734adad9f478485155c3fae76b52ff74fc490229e6ae4e01deb0b0afb6061b57f2ce8ffcb76089dc1cc3fa540c36bcb08a28c8f0ffbfebe8b4d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8bda07641da258c238d733d54de171ef

    SHA1

    c65ae905cd5d22d4d4816c07f925d218db8cf469

    SHA256

    e63a22d44614ed195f39a3fb5a22d6a39785c3c4030db589d100eda86b0b08c4

    SHA512

    6cf8b43e6db88f1b0af969b6395daa7c90d6502a02bfbbfa49507c4ccf3ee84aae80b7cf2dfd5c7bc10bfbae5e7a5ec2aa4aa7e2847015a6089aa60c2d675f8b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72cf38cef84714777dad79d78f7c12d4

    SHA1

    0189b7460a052e0172724ab9e960856011ceb88c

    SHA256

    79393ec617f94a5fa6912b66b34dfddf557d25fad81b89c60fc4b4c847667169

    SHA512

    53f5b1975e424b6f1d2932c0367794759f3afdbc389fcd71ab01c20f86f1261622597560a7a32e114a670b24c7aecb21137dd839aef3f5d78650cfb521abd2d2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    ebade69feebfe3754f56b81ea34de24c

    SHA1

    e2e386828f3395f1efbf9281299b40c6b110e4aa

    SHA256

    f71b09dd9e37ae5c5072f59d17f608c837dc687f921988cc31fb657b7663e8b2

    SHA512

    58c74854e550a8ea0c21d711cef107bd25e7523b37b6d4c4d578f0de9d0e137bbe770112de5bae52362377c2ed4db86b0680da7a2f8997cf2bd81f6ea393621c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    77781e38b9d239118527b590eea006fe

    SHA1

    e803bcfd3c7f0d6da95eda091d405350a39d5e41

    SHA256

    23b17cbccfeb622fb92b269000044d11b8c23b4ec4aae6afc1c87f8eeeb09c5e

    SHA512

    5c7890e34a2f77d6ad9d35333dc2360e7728a408370d4d1b031a987e089afcfd22902cd63c3cbe24e2debd126e43ee416ddff6a13029cebe00f76a537b91d8e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_39F37364327722A8848EC31487943B06
    Filesize

    406B

    MD5

    58bc9ec5e5de4968432a9d3bf4346894

    SHA1

    051888c915aba16552bfe83a632afc90612e074b

    SHA256

    221fb12f571358ed114967e3ce232dfea47a52de96a195146ec1b8b2434fcd74

    SHA512

    e0095bffb2feb25329e3c0cc6c607dd672ffbf86b80a83300db719eb52770a7672d389b35725c3f9f0a7a12f733f319c3be257f300ff633c4b06b32b1c4d2a07

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_39F37364327722A8848EC31487943B06
    Filesize

    406B

    MD5

    939c03d4c33d7460223505c7dffbda6d

    SHA1

    07159d04313016d30db372d8b08de664c7a5003c

    SHA256

    e814d7ffd8d0efed83595a60bef37e4dd7971a4032ea8b8467fd08519b5a8143

    SHA512

    41e3400166ab557aa6b3085cd5da1ea88137040f652476d81c6904fd5827f12ad1f3b8d46c4d8d3a583b3636c92e52b1c002f1a3f9b5491ac1661a00f80a7f66

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_D84944C9F3B5533761802CE8D9693246
    Filesize

    406B

    MD5

    d3af671af8dd58b243689ab40666a3b4

    SHA1

    ca44e331026dc19e95a408ba60fef9d278931d26

    SHA256

    baec0cb9b80250cd4c73668789e1639289accd15dc13466588e74d2158066ebd

    SHA512

    03e110b7f2a514a17e3f7b388578c7bf95e25917bc4c76667aa2c2f3d6f93eaffc426566ba649082bda1e30a3b4b33d24c6a2890d274a05c777d6047b9aed39b

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E03479B1-CD3C-11EC-BA97-DE95627D9645}.dat
    Filesize

    5KB

    MD5

    bf946ac5a225916dcd235c8a20fa24fe

    SHA1

    11072565adec27ef42e7d309dc91e27d7edf9808

    SHA256

    ff37d0884b280b6bf56bbabe4e856e15691aec457fe829472f31407dd44b1ea3

    SHA512

    96997da6314727085283bfeb8cb99675a3942d8dc1fc5b42f9a2a5557cf4a7d184496a366eda9943b8888be78691cc151105c2ca9228337dbfb4bf7dd7fa9976

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    9KB

    MD5

    2449768a3b079bae1425f27c534486f9

    SHA1

    3ffc62685508c78433d90b5cc0e8e34aabad5573

    SHA256

    5f978b439979230e958b1d6070ac316cd343345e7097c9d2d80cc113e19ee7b0

    SHA512

    6114b8ac0ecce3b9d54b892b9a12c6ba581a8e309d8e0c0949a69992955a0ba71e9054ad27ba9e86039b2df15ad497ae8d8c40b32a96f5656f83ea4a7f69c8d1

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7BCEU9XW.txt
    Filesize

    130B

    MD5

    1fb9a13c89413ee6670a73f6d7b83c52

    SHA1

    de9c68ad4298c0586346433b25ea92d6c6f3f4f7

    SHA256

    9875aed1dc4561150eabaeea0e89af2e723c8ce3a8c6c827f15caefca9d27c27

    SHA512

    1afa1290384875f2436f6400b4574ca325b8cf41a195ac64ed86c09d46f05ce6508a44addc293395a83f43d5ac804ac59432e533819ee9769982425f31263327

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q87TQU03.txt
    Filesize

    239B

    MD5

    17da9e1e254bc6094e7f42b63e5fb91d

    SHA1

    707bcfe4a18d6ecb6036253d00c66f011afd12f2

    SHA256

    4c22717461f4898955d078edc42a7b54c2cec5533c5f2f0fbb289d025c626315

    SHA512

    b9f6622c7a9dc38c5bf36402c0e7f75ba367d33b3aa22aee04d5ceb0bf696dce55c4235c872b36c8214ccea341639221b9a56d38cae58c319226dc627bbab80c

    Download Submit
  • memory/1336-54-0x0000000074B51000-0x0000000074B53000-memory.dmp
    Filesize

    8KB

    Download