Analysis

  • max time kernel: 118s
  • max time network: 140s
  • platform: windows7_x64
  • resource: win7-20220901-en
  • resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted: 11/10/2022, 21:34

General

  • Target

    https://acrobat.adobe.com/link/track?uri=urn:aaid:scds:US:6772dec7-bcb1-481d-8dec-8c4ff9962317

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://acrobat.adobe.com/link/track?uri=urn:aaid:scds:US:6772dec7-bcb1-481d-8dec-8c4ff9962317
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:960 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:576

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: d5cd49272beab1f144884649506e802b
    SHA1: c278c6fab6e2fae03d969e0b22510b40cf3bc639
    SHA256: e1d300dfeef5c4e8058f2d130ea1c46094d9c96a67a3a20408b7166922a99e29
    SHA512: fe120b29ad206eb6e9df2246e070ea57740f2796a2de528b7df9985e5a17225743910021933025fc6ebe9f37fcc89ce61753c7a7f8779b9fe48020f4a331ac87

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize: 8KB
    MD5: 549bd5d3cc975fcf0dc7b011b0dba3a0
    SHA1: 738ed5d08a8d66edc779d33f213f3b6041a3e7b9
    SHA256: e4b95200e52c6dd8c14ac3abf5bd63cdb2855572313fdbe3ea89b978e62b9771
    SHA512: cd7700cf0bda041cb360a91abf86316219705e65a890418e1e9a1b66a2d506e366b920bc44569139a4141040e8ca419beed8372399943ec052f9171f677d8c24

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\356ZHSV4.txt
    Filesize: 603B
    MD5: 7c86ca1d16fb7bd8e09fffb8bad47420
    SHA1: 53278e1eaa9dc8b65cd3f1a9ed5f3fa9c813b858
    SHA256: 977ac53987e7e3f80021a7d50f78437c08e7553cf0bb9cd31c0c2e1f871ceafa
    SHA512: 37c4b777abfdc81312eb55bc652efce13361eccd4187f0e7b714938502966947312c2053d2cd09bdac7ce4dd260d296d1471c0af95f7c5974dbf58a306e9bf8c