Overview

overview

4

Static

static

4

THE PROPER...UE.pdf

windows7-x64

1

THE PROPER...UE.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    72s
  • max time network
    83s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2022 23:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    THE PROPERTY LEAGUE.pdf

  • Size

    31KB

  • MD5

    0c296e920e4f26cd01ca6b4836c1b2e6

  • SHA1

    f5c225e9d56eb5b0234d424c686ead1002307002

  • SHA256

    b171a44387c0aefd851068fcafed96de79e931e7a9d95eb65380e71425bae9a1

  • SHA512

    e4785c98c742ebf904c48d37b71137a368933a53f1c8dfc93e6117489a7a56dd42f2b3d0e471b2ca77e944ac63ae93aec7a61041b02378350031370102d973d0

  • SSDEEP

    768:yDIxjZFWp0/ti6wtNOeLerr9kKbx0CIyDTyXAB9n6g/qLlFk8F:pdOVeHRx06DTyQHF9G

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\THE PROPERTY LEAGUE.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.acibastos.com.br/on93493_732832newupdate/1/21421.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:112

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb0b21f2a4805e18ed308f52b0dc49c5

    SHA1

    86b9c88a9986b036190f4d4da2d47f5394494114

    SHA256

    3c622c8890eb5b17cbaa2897ef0c31e6b45d50f5710671ec5613cc02de3d2846

    SHA512

    b6ac948fc72bb37ae0bb2024c90e78476cd25c14d38d51a69563322b5aa148ed0a5a534e30189981180ffe8687808c44dc8307d22825d5ba120a2f6dc0db99e0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TAR9OKL9\ac7524407d19ac9e670a3e3b7bd7ebc3[1].jpg
    Filesize

    30KB

    MD5

    be5274af7d8bd25b8148a190ff515399

    SHA1

    b8d0850fd92ee935287e17988b89e53607808c8c

    SHA256

    26c62dbdf527b8dcbf378ea62f129cbbba3b244730687909ba21ecd729c9d2e6

    SHA512

    64893c625be72783088575e36ef26ff4573243f32601bda754eda72b7515063b5e4e4831697d16ac663529c910ae12ccd145bec530f2a9bae4d9324301c65667

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IAAXQA3W.txt
    Filesize

    608B

    MD5

    f2dc8e3d182c443fcea1f511d60a99e3

    SHA1

    132f4210b4eb904d0fd3671cb8fb61626d86f106

    SHA256

    e26e4e9c4a2368b784e925f56bc1d21299ed871b83e9d6225247b540b5aee901

    SHA512

    52ac0e73daf66b35aeea0b6027d36a0d348e65e186bfe33dee8aea8c9d8e95bd4da26909885c92b0de5b30bae1d53256f83dc84d3b5ded08cdb813c8f257e37a

    Download Submit
  • memory/2032-54-0x00000000766D1000-0x00000000766D3000-memory.dmp
    Filesize

    8KB

    Download