Overview

overview

6

Static

static

3

SPEI_Trans...xe.pdf

windows7-x64

1

SPEI_Trans...xe.pdf

windows10-2004-x64

6

SPEI_Trans...xe.pdf

android-9-x86

SPEI_Trans...xe.pdf

android-10-x64

SPEI_Trans...xe.pdf

android-11-x64

SPEI_Trans...xe.pdf

macos-10.15-amd64

1

SPEI_Trans...xe.pdf

ubuntu-18.04-amd64

SPEI_Trans...xe.pdf

debian-9-armhf

SPEI_Trans...xe.pdf

debian-9-mips

SPEI_Trans...xe.pdf

debian-9-mipsel

Analysis

  • max time kernel
    123s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-10-2022 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SPEI_Transferecias_A_Cuentas_de_Terceiros_Banorte_Ixe.pdf

  • Size

    25KB

  • MD5

    98c219299475fac35b7373f158ff82c9

  • SHA1

    d07abc2e391a9166376313d5de88df0fb42b5b61

  • SHA256

    d1b0a2050176a170fb95e31243e49ed64b91181b68789cc0f0281e515e1a0857

  • SHA512

    0af1bb7f0f271ff25048ad044ea01b7f152bf171b0c80c65726125c5477ea7860ba80f04e81a00659a5268859fdffafcb2d857a2ecce9a92e330374c89feb6a2

  • SSDEEP

    384:EGkCyUk205BKRQcxkQ0OowgpoNfXnDIcoAAENTQsTImeceABiqJ0m37NpMMkgy+h:Ed/4QY0liZXnDIAAIQGIm9J04fMMd39D

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SPEI_Transferecias_A_Cuentas_de_Terceiros_Banorte_Ixe.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://sac7.factsforce.shop/dasssashytsrfwewdw4w432dcadssswe32dsfwywyw67wjjehnsbvcdfreyd.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1644 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:880
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://sac7.factsforce.shop/dasssashytsrfwewdw4w432dcadssswe32dsfwywyw67wjjehnsbvcdfreyd.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1232
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1768

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    ec8ff3b1ded0246437b1472c69dd1811

    SHA1

    d813e874c2524e3a7da6c466c67854ad16800326

    SHA256

    e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

    SHA512

    e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    ec8ff3b1ded0246437b1472c69dd1811

    SHA1

    d813e874c2524e3a7da6c466c67854ad16800326

    SHA256

    e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

    SHA512

    e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    893B

    MD5

    d4ae187b4574036c2d76b6df8a8c1a30

    SHA1

    b06f409fa14bab33cbaf4a37811b8740b624d9e5

    SHA256

    a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

    SHA512

    1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    893B

    MD5

    d4ae187b4574036c2d76b6df8a8c1a30

    SHA1

    b06f409fa14bab33cbaf4a37811b8740b624d9e5

    SHA256

    a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

    SHA512

    1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    893B

    MD5

    d4ae187b4574036c2d76b6df8a8c1a30

    SHA1

    b06f409fa14bab33cbaf4a37811b8740b624d9e5

    SHA256

    a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

    SHA512

    1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FDE9C3CAAF9C86968C565A55F3BBD9AD
    Filesize

    503B

    MD5

    4e737338b4bb34f4fd46cff40ed18f9c

    SHA1

    7e2f7f95d1b3d5296d2ee424909c60fc4b674201

    SHA256

    26b1fd422a038775e0627ecf3c78e9d3dfc0021ebdadbf7d8bf64ac1565b41ab

    SHA512

    ce86ac3047fd5f99a60a3a141be9bc065a9dd6e735c5102efc4f1e204f7b3d8445a1942f45c442459fef8c1eb538156dee0eda6f28fc862dc06ce9762326ecb9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    462c469edd93ad6376af156727927b3f

    SHA1

    3f8a99f2967bb6195264506ebc23cf9d0606e4be

    SHA256

    d7017a99bb454cf1a8d6a758eec34dd84380c10d4e21e33961fcd6960b6887a0

    SHA512

    e89889e13e69a7a82205e17649204f4e2a02fc22478ae3fd8fbbec1ac1e694a2fba22a8c39a3ce0c7e7f263788c1985537ff586d554bbfdf075555bbef597d9d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    825e2f9314d01bd6550a5e8a60d14d36

    SHA1

    c1bcb6863ac3c5b70238fa3d0ac0d46496778509

    SHA256

    61d616de189f1350db3f5db517d54747f2aff615fecf22d8da442a13bd6e7324

    SHA512

    9720aa31fe34c4636cee0b7ed2e422b428fe901ccee001ec5db25d7965d1341848ec0c4adb2523617e200ba20f0689c769e42279983e5b9bc63ee793e2eeb7a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3766a65b8f45cf9d5bd4b311d154eba1

    SHA1

    e77cd7235b2e9b02c7d43c6b74d4646b813cf1a1

    SHA256

    f726b8e2f3f0214c5d3d6209bf7732f2ebfd7ef40f625cbc775fc240cbad5965

    SHA512

    2f327de99b48dd31169a6f6d00e6d1b105b28475745c4b7a3387a0a440824ad9b65d0d2c571a6d787f9a86870037627ecba5e312c9e16aa46e51614a2eca0df6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55976c4f09f2641dd44868e597bfc4d1

    SHA1

    ef14910e4f48ca6e2aaf1da903df54718809b7d5

    SHA256

    eee439cc9ed47a83df10301a948ad227825cd5605f3e8d62993b9e60bf77d750

    SHA512

    ae9b10ff1caf274a2c5b2609a8a380c8791c87115e5cd74566b07b3b428012248dd5769453706190c69eac324c992270f0a68bc722441bd02f552393ce5f2e70

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    04bf6eac22f7718d24aaee69688e7191

    SHA1

    0f5d2d2eb313feadfa1e857a2eb6c66b35598e84

    SHA256

    6bcabeae8a2b5c5e187c89ee13421d0278176ec7afb6b3f414207c0a5fc0980c

    SHA512

    0e53e0c7a8b687aa6fc118ca863748879fc14e19566ebaca2bf8e27024be4535fd0a89332aeabac62f76cce9f6b52777bbcd546e66ca0c3c5579f87334a7eadc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    085e5f2d235358272885f6f408565159

    SHA1

    7e64b21ac115117a718e6062a9d2462118407627

    SHA256

    da5cd5e101760a7d046b773b07e2164482a3687420fe1f22045fa39f2f7f4e2d

    SHA512

    c7bc309aac72deeee6655f113f03f71ece7f96d55ba49322970641ecdf084918aba7018eb8ea23f8f7720229ba9f34a9a8ad241171fc07d8800c7ab754a2bd30

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    252B

    MD5

    c30f761ddd4546dbbef5172f9f73bdb9

    SHA1

    fd93a0d53a8df9b67f8a4a82f046166676a5b164

    SHA256

    d9f6126a709cb133154b82565f0deba6a18d30ea8191bcf4801e14fb32f617b1

    SHA512

    3feb2f04bfcdbba378c7256a1f9d235b0802c8896286651268382fbd8a85bb8d510ad98c95ab16d9dbfefe02e4749883411deabdf4a2c18853d1a54fcf0d4c3b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    252B

    MD5

    c30f761ddd4546dbbef5172f9f73bdb9

    SHA1

    fd93a0d53a8df9b67f8a4a82f046166676a5b164

    SHA256

    d9f6126a709cb133154b82565f0deba6a18d30ea8191bcf4801e14fb32f617b1

    SHA512

    3feb2f04bfcdbba378c7256a1f9d235b0802c8896286651268382fbd8a85bb8d510ad98c95ab16d9dbfefe02e4749883411deabdf4a2c18853d1a54fcf0d4c3b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
    Filesize

    252B

    MD5

    9b20d5c7b824baebfe851c0e3ac53488

    SHA1

    d2f77f55b78ed3d23f09d6960bc22c8f958af700

    SHA256

    0a95dea6fccd14974f3d617261423dfc06c93ec7b6503437df5c3d8e946f3eb4

    SHA512

    142464a2b787e53490d0d63ad95c3f859b17232056b4e92cf28fca1ec2b1e33ba088c2359f62378cc2b21e5eefcd44a187dc0de8e1631dcb62e66bace72832ce

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FDE9C3CAAF9C86968C565A55F3BBD9AD
    Filesize

    556B

    MD5

    bfca3f2fe46afbf55f84c3ef1c480e90

    SHA1

    3bbe9b4c8cd1bde51296c47ec30e6a0b16d942a3

    SHA256

    549daa1749e58f20cf5c0aba3fbab8f98a6807fc9383fc3e9e7d9c79668d9a70

    SHA512

    12c531fa4053d9bc5fc7fd25299ad8e8de79ae1ffe76e41bc892b19357b1ebf240b56d5fc56df552f7f2d9a975121b2d35698fd9c95c0c8149aa03540560036a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{63D23741-450A-11ED-B40B-E20468906380}.dat
    Filesize

    5KB

    MD5

    6b0d1e82d1367afa8132f51b72382589

    SHA1

    fd598404a58d317c9aeafd3af255400523f96af9

    SHA256

    c24d8a82fbc0615243a729288fcc5e928a55a1ecae274726826bfbe3357f879e

    SHA512

    3be391da096256936b08a7878874ae97d02a2f515ab5d63f9ea73c139af9b550deea6a73a02202a655b689ce7a97de330e0151a75d79758856d7f30a812372c7

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y42451ZH.txt
    Filesize

    601B

    MD5

    ef12036fe0a10578b7a18f872a7af80d

    SHA1

    6596ca23610c362e44838087a35ab27eac600cec

    SHA256

    4a09b260d05cd46623a09a4a09dfb23354ab17cc6d1ff45bcca75e3a9fd76018

    SHA512

    9a14189f6e9eecb0ee5c8388a0cfc9e1937f9cd668d68c581f097098776af4d21703da870e974c1581f12e0bc593718b993da25975f77bc5c63cbd5c924158d6

    Download Submit
  • memory/2024-54-0x0000000075F81000-0x0000000075F83000-memory.dmp
    Filesize

    8KB

    Download