Overview

overview

6

Static

static

3

09432b7ec1...f7.pdf

windows7-x64

1

09432b7ec1...f7.pdf

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-10-2022 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09432b7ec107330c5fad0f93dd6e58c99a15c4c37a8e25540b42702e72ad2af7.pdf

  • Size

    43KB

  • MD5

    8a0e49f7ef8df4c2032def1154c580bf

  • SHA1

    324e3b154e0339077e1943f738c91d35754b0f67

  • SHA256

    09432b7ec107330c5fad0f93dd6e58c99a15c4c37a8e25540b42702e72ad2af7

  • SHA512

    46fd0aea1f3b7687ba0e873d7d19b376bd4f9380d1bea72aec375bc328d33821b559101bf583d85f66e18b285b3c1bfaa5d070a65c76e7f4389b4753105c30a9

  • SSDEEP

    768:SmPoD0Ry/mcmF/DxpzqKJAPQ2GwUDc3CGL8IpNZ9HUpux9K:geFbGupmP7b7Hrx9K

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\09432b7ec107330c5fad0f93dd6e58c99a15c4c37a8e25540b42702e72ad2af7.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pspmrsmbpj.com/opac/repository/minecraft-story-mode-free-download_GM479516143.pdf
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1788

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bf66b6370579e402f5d17d9c6434620

    SHA1

    4453ba0dd3671d4a02f7ce58bff6a4d3f90f71f8

    SHA256

    08994cc20bd286840cc8021879bf0bb94b40b1b183242596e4f84877be344364

    SHA512

    0366acf9d6fe1964ed558baa560fcec8943363b94f690a267cd880c24f29b36b335778f0ae1b07d8d2689a5c7921ae809dbd0b2f53f7e3fff60efd2399350815

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5e635f7bdbc829ca4e31d09f5b4e0652

    SHA1

    6f3419d31b8ad295059a1fbd6296f3024d32f4a0

    SHA256

    78b410be3b882052e3d9fffaa24f0bdd562e1f5656f8eef5c7373939753cb78e

    SHA512

    56e8f5fffe035a6deba3630f71e26b1e670123c26751dd1b70cf4babd6f81b642d5fcdfcdb8369e5bdbe0883c0e45836d55e359144e1c9805ae07617c679b044

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
    Filesize

    70KB

    MD5

    0329b71a23a941484f753a46061d28b1

    SHA1

    231449c2b259a386a3acfdcd1eaba4a294ec9adb

    SHA256

    e3705e800bbf89a228f4c77b866eb1738ea0a409d0a0fb11280ca0d68d8a5539

    SHA512

    69d5be281eff97b3a6e00d22f51df152ceb8be3bcdc128ec8bed7334a2484f3b4eb8634deefab0d998c3b0eb87c5c21a013f68862deeea622604fcd9630848ba

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5I5TTEKS.txt
    Filesize

    608B

    MD5

    6478d8fb103877d6b4eb42d4f1d2e31c

    SHA1

    c11e8be2099532c26ef4bed52dc65b64eb42954f

    SHA256

    f49b6dd37f96bccd56c5842b6024306f5e1831d186233f72a1e43aee32c97afa

    SHA512

    865c8b2f6d44eea506cc0caf7e4d3d0401b1c480266e42d372d789d9fd8d8b2fd1dcc91337f354f99b1f8a646a351064b410163bd4c87fc7c2ad60c88ba17a58

    Download Submit
  • memory/1664-54-0x0000000075981000-0x0000000075983000-memory.dmp
    Filesize

    8KB

    Download