Overview

overview

3

Static

static

3

3.pdf

windows7-x64

1

3.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2022 09:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3.pdf

  • Size

    68KB

  • MD5

    107aa90d20d0730a9b09e579003cef2a

  • SHA1

    2bc79fb0602f2a139604d794d99ec48ad1e41c1f

  • SHA256

    7c62d2425795ebaf71e908d9c0091fa4662bb75ddf8177566d1f4ae4665e2fd9

  • SHA512

    2f7878aaac5a21199b2f34670698a5c6f950d54ea650bf0ae255e753dbe088153e8449a2e500e0ffb68e87bb6bf95766ef274ea34c399f3eb495c6a7f687d1d0

  • SSDEEP

    1536:2E0BN4zBDNddqKK+h35JCBOUNcY+XRdwU68moBN:24dqYWmPmY

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://trock4.xyz/cgi-bins/3/?M59AilkNaUEk8mw83TaO2g0uL3solW0Fk7PZYooi4LyL6GKCXYb2NYmVRVJv7GDtehzlFhHM59AilkNaUEk8mw83TaO2g0uL3solW0Fk7PZYooi4LyL6GKCXYb2NYmVRVJv7GDtehzlFhH
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1240
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://trock4.xyz/cgi-bins/3/?M59AilkNaUEk8mw83TaO2g0uL3solW0Fk7PZYooi4LyL6GKCXYb2NYmVRVJv7GDtehzlFhHM59AilkNaUEk8mw83TaO2g0uL3solW0Fk7PZYooi4LyL6GKCXYb2NYmVRVJv7GDtehzlFhH
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    2KB

    MD5

    34feb9279587011e5bd1bc825e7d2943

    SHA1

    d7ad421c0f4c305936e4b6b1ee3b4d73dea0b094

    SHA256

    96b9b67b871e3adbab0a5b0ba635679443636a97c7dd2f19fec1b45a2dd36a5d

    SHA512

    9fd6ff36a966661ab2ccd5e0c2dd0b24661fc87686fe039db97f79eecbb1504ac9735462b16d8657ef900e3bc405c149ff98c32aa1c682b83d2ffd2382b5f285

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    1KB

    MD5

    28d104709bf1eb7d9b0f50c9b71f8ffb

    SHA1

    3622e9c08765df6b773b7f9d28819d289ddc5894

    SHA256

    9648713c60ba24ca1550adc7eafcf81438c6e059e63f778d4461fc23044213b3

    SHA512

    175dbcc54a2c013f87bebeced0ee569f9d56e5eeb67c65fb1f0c3ac55fdf9a07251abdbad951d270b635af0031840b48e4521aee7b211f68b18479e75e56a2cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8FBF80F5AC46044E7463919A40B125D
    Filesize

    471B

    MD5

    591fddae192eaf7ecfa834f820dac4af

    SHA1

    4f8cd772069893a632fa2c048c3183536f4085b3

    SHA256

    069ca693ee44e8c59d2f302a0406e7733647d31cca604ce1efdd13530ca33c24

    SHA512

    f291a1b7972d1d4c037217c6b870a57239cfa37ab0fc763a5f122982b55339ed4d2b6300feaf293145071984b3d49fbdee9ca9a7711f3a089593e09ba4d66489

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
    Filesize

    488B

    MD5

    ab231ed66a9bb6efc6626333c340d282

    SHA1

    6068ec49d810d6b9bab4861a75119165c285e76b

    SHA256

    215cd16398f940417d8dd541b19b52017fbb95790ae6a3826ce3f185e1fe1daf

    SHA512

    33ab2600f4cc0bdd4f494b31e2ae1b4970c5f3afda960fa496423f43675639006fd177adf49c597a41fa21b5bad3f8ca1228f26f8a42e22caff6a29fc0f481ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28e9510555e39fca9e416521f998d2ee

    SHA1

    799d9a714903a457777cac41842afa77b41799a2

    SHA256

    f735f774575aeb02903018be0dca93a1f9f5c77cc4e7b5c64b368bb5661312ba

    SHA512

    cc83257714cc99690b0bf3595bb4483087eefaf7fdf875296a02dc28871a1438d8d386eacbcb7dfe6ca7e7e7767c71aca952ccb3dc7af6ccb5b74f8465e02c04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a968346c10502bd963555a8ebe8359b

    SHA1

    c796ab68c3ea705fdca5b685e87c6964c1a0e49d

    SHA256

    c19add7bcb019b7c40fe397f18818b85b9d44a7713394b7529c1511894cd83dc

    SHA512

    d3db388761b16d687939cb2170dd3dc3d7e409f4887567752b619254d22db8ffc23eb261a14ee591ce4f5494d02695848c9bc1682e162c4d51834b4468a819dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a968346c10502bd963555a8ebe8359b

    SHA1

    c796ab68c3ea705fdca5b685e87c6964c1a0e49d

    SHA256

    c19add7bcb019b7c40fe397f18818b85b9d44a7713394b7529c1511894cd83dc

    SHA512

    d3db388761b16d687939cb2170dd3dc3d7e409f4887567752b619254d22db8ffc23eb261a14ee591ce4f5494d02695848c9bc1682e162c4d51834b4468a819dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Filesize

    482B

    MD5

    4740e8208fdd0bf35de502e406a099af

    SHA1

    188b0ce62f4b3770ebae47ecca359d1f07f5a8e3

    SHA256

    d3e6ebd9b30c85b9194f2e51b167d37c1e7c44345e983ab8ee2d0983033b9c42

    SHA512

    b24b572465c362c98b15f722612717228e6c815862fda48f66095290bc6a3f3654484b91fe169f175a0989cc877aca26652000abc784a8b9566504d47fd0e560

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8FBF80F5AC46044E7463919A40B125D
    Filesize

    484B

    MD5

    e16eb8a0abd8cf75a78b3f235e35fd71

    SHA1

    5ec214b57c956c6e27ed41fda7c99768fa7e815e

    SHA256

    4b7023b8d7ff1a0ffebb144c46f60fc8f2d12e245d39bee20a430aa25ae45d36

    SHA512

    72e604ec4aa0250252e87eafb85a52ce29f32c043eabef75e0870628f6a9c1ef062a47cf3b919b8302f67f1d7977a8c0ff7f68ce796de3ba1861488bb8727c43

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FA653E31-56AF-11ED-93F0-EAF6071D98F9}.dat
    Filesize

    5KB

    MD5

    ef9f42dbe96a731954d1bf4a89b74828

    SHA1

    6f4177270717ae51025deb99c70d2bb4ada27143

    SHA256

    f3bb717fe45c3ea2c4189bc0694c86adf420544b0cc4aff1eb701380192d32d4

    SHA512

    a04cb8612668359efda4f15a2d03f4982264c81047b2443d9cfabd45e2025be86d433521c6b716fa270d7fd3a104ba0d15dd6436a4a96bb75f5af408ff56c863

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HF04HR6D.txt
    Filesize

    608B

    MD5

    16718b49f9b773c3bce38b30daea99d9

    SHA1

    c5104acd17f45c16bafd44c9fa024633e30d2e23

    SHA256

    9a5dd93bcf4f04859f2a09d1d80b4e6d95b1325c6854a954f5826163b65958ee

    SHA512

    e5599f5ecf70f31b457f09e9555258ccea4ba50c0fd3ed5791770ac17350f3ce781840bab6df69d7e3a02f8211deb3fd1d44fac30882bc78f5408582727a88ec

    Download Submit

  • memory/1280-54-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB

    Download