Analysis

  • max time kernel
    140s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/11/2022, 11:37

General

  • Target

    features-of-culture-worksheet-answers.pdf

  • Size

    116KB

  • MD5

    ee7291c58cb09960b0115d6a65721134

  • SHA1

    e23522a79aae83b4897a4f78df5a8cfeb848936c

  • SHA256

    eda23fed1c4dabb89c0532b4d0b7b9db6d87a4969e39e53c1d86173a7f1ccff3

  • SHA512

    e931d3d82dd35b7a589e089c18427355a0ffc79cfb508bb0cf936a091db1fc3c7b8881f48139cb246e9b32b6d987949f3ce5854ef10d7c11bc55df28f3939e32

  • SSDEEP

    3072:YZp6wnaxx3jSmg5WZKesC28sfHnCD6x0aTFoG2A:i+r+mgGKk21NRTFx2A

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\features-of-culture-worksheet-answers.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://machinertrap.site/Features-Of-Culture-Worksheet-Answers/doc/sitedomen/7%7C35940%7C5%7C%7C1%7C1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1752

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          3dcf580a93972319e82cafbc047d34d5

          SHA1

          8528d2a1363e5de77dc3b1142850e51ead0f4b6b

          SHA256

          40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

          SHA512

          98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          53acd08baad7124de6b357cbdcd61d2e

          SHA1

          bd74c7b312b62c895d2bec5c7998290f31a5f276

          SHA256

          c0fbe0bc2d4d768383a7628ccfdcef7df017526954acb696cd40e630c3209d50

          SHA512

          17af6748c0c19a12caec9aa801cd745cd504c26df8736b3df8dec8ced111b2a26b1545fc5bd496fdf27d2b5a69d321e8b8a325de5698ce8e206cbd7a0c552416

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KRL82MP5.txt

          Filesize

          535B

          MD5

          f9fec8c2d536ab824e7e6a905089a648

          SHA1

          d8cdbf14ef0f47f9a83ca075ae77a786da50295a

          SHA256

          b0befe120668458f97d614c4e83b6fea709f78c2a0bb3af9bf5176db8ec57cbd

          SHA512

          124b0ff10d3991a1a516e7228fc385110b95b30d0acb736bbf28188836890492a2908b1ad47e054b5570f8dbbe69089fc7c1e4e2ea9f59678772036e38bbf236

        • memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

          Filesize

          8KB