Overview

overview

6

Static

static

3

CITATIE IN...22.pdf

windows7-x64

6

CITATIE IN...22.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    85s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CITATIE INTERPOL 2022.pdf

  • Size

    460KB

  • MD5

    4b02976eff93f6e9f73e00474cc5426f

  • SHA1

    529afec569b1b967187d7858b24966785163dd6a

  • SHA256

    0431e643cb40d0c9ccd8ade2a9802e09d9da6c7a43373c9539d135115e180ed0

  • SHA512

    5bbe7eb31f9f3e675677d5902e3cdb41af517e5d3887c161d4c4e97c258a10b6d55e0f30672f55470cbbabc8a4782efe0ea33bb54eb6973b16490fa6b6774b17

  • SSDEEP

    12288:+FiwpIeF1UI/+QQL54f0CEiK8SJ9e1Iww2ErTAX7J22:+F9+54fWxJQj6Art

Score
6/10
collection

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 10 IoCs
    collection
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CITATIE INTERPOL 2022.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
      "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:petrescu@politiainterpol-romana.com"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      • outlook_win_path
      PID:792

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/792-55-0x0000000000000000-mapping.dmp
    Download
  • memory/792-56-0x0000000071201000-0x0000000071203000-memory.dmp
    Filesize

    8KB

    Download
  • memory/792-57-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/792-58-0x00000000721ED000-0x00000000721F8000-memory.dmp
    Filesize

    44KB

    Download
  • memory/792-60-0x00000000721ED000-0x00000000721F8000-memory.dmp
    Filesize

    44KB

    Download
  • memory/792-61-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/792-62-0x00000000721ED000-0x00000000721F8000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1504-54-0x00000000768A1000-0x00000000768A3000-memory.dmp
    Filesize

    8KB

    Download