Analysis

  • max time kernel
    148s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2022 14:31

General

  • Target

    Payment Copy#190922-001.pdf

  • Size

    246KB

  • MD5

    db926b78737d7f4789f160b57f7659ee

  • SHA1

    69f78005e84a86e9ae4698a7063b7cf7f357700f

  • SHA256

    3171911f4527c4e22b1d2bddf421936d9b63d702b742eba54eb55771844b9f69

  • SHA512

    1f0bc7543fb62e9e391a36576ac2d05f6886a16fb2987ad1464404c3d52b45e3fb0e0d9db61c9c73c558df37cea52c97cd138df81ae62bb0fac402b4f1907487

  • SSDEEP

    6144:pUUtLpXNzMo8Auk55Q/zlk654ARhT7mnBE+Dfq5ql:pUgLpXNzMoQkjQy65/Rx7EC5ql

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payment Copy#190922-001.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://rebrand.ly/d6tbep8paymentcopy
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:828

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5a0262abeb08b9011f93df4510e32b3e

    SHA1

    d7ebce12748473617adfde123cb5e9596e09d575

    SHA256

    6bada9be06762b154af6a6d107748ecc8542cc53468ba4632776eeb4df95930e

    SHA512

    b08b7e2d7c01d16b1bcc22dcfed3452742932da573883f8693c29718e09c3213d88e88ef26e08a6a58341e96a4d5987611104ed1cca70c358d46f483ed51cbf0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4BTTQ93I.txt

    Filesize

    608B

    MD5

    0bd1b86e9a10de462bfb2f84d1ebb924

    SHA1

    f66a1ab3774f7f25fa12ccfef0ccb75ecec02b92

    SHA256

    168beb2a0478bb61ffbe9459437e728db460fbdee5088ff63cb7aad7a9e1467c

    SHA512

    2af4fc5466b69eafde29a59250228f40ae3cf46ff4a7d2ae839ebde902b881b2bb46e4862bcd19fec3ddd5da660f2a923fd0cbf11d839c66135a05aa8ae2fcb3

  • memory/1048-54-0x0000000076171000-0x0000000076173000-memory.dmp

    Filesize

    8KB