Resubmissions

11-01-2023 17:23

230111-vx51padf46 1

11-01-2023 13:14

230111-qg1ntacf89 1

Analysis

  • max time kernel
    143s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2023 13:14

General

  • Target

    81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e.pdf

  • Size

    50KB

  • MD5

    aa47fae2416b63d0c8f81b4729f569b3

  • SHA1

    feb243dd802b3a01fa11474d4e4227b780c14334

  • SHA256

    81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e

  • SHA512

    09723c0359f6d56a9e6dc0c5597877c63468e86a80246157ae30114d8b4b549b6cf901559f48f56463b4da75bc047912e9710f0158093272619d217509fa47fd

  • SSDEEP

    768:yRlemGAcXwTmTs1uJLK7yv3JnmYsfy0QIDcpGc+Mo0hd+gd7wco5wQ6ZpkMaYrxK:SYAXR1uk70cYsKHRhpo56Zhrxi5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%6F%70%65%6E%2D%74%72%61%66%66%69%63%2E%66%75%6E%2F%43%77%4D%62%37%38%42%5A%23%62%77%6F%71%61%71%6B&sa=D&sntz=1&usg=AOvVaw1sQM89pxMWYTFKCgGpxrd8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:468 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:360

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5678aefd7740f299be24698f54a3d5f7

    SHA1

    671eef3a3eae9e92f9ed90817c6773ecdb8b4762

    SHA256

    b8bf59828ad33b7694b7bfc80f73d898f2146ff864ae2d9e668aca72f7953e05

    SHA512

    7313964a6554e7fcaa322606932beee686eecc763bf6b89e5e1e6525964f31555e3b06ffc3520abf7288087830804058721da2e51233de0637e566b72f6ad236

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

    Filesize

    9KB

    MD5

    2162df3f6dff31cf4efcae72edbe3030

    SHA1

    2f3d4beaa00b8972649056cafb155edca859c1c2

    SHA256

    b4bc82ce246712a3a57d19669a4350d6345b4e621b32b1a662df62a7a5079987

    SHA512

    cc8294a4ac071599c40ee136f272121115fc817a78346b077dd12c54dba9da60e5e50a1cf7df7a261af5bdee41822f309282e9e3c88de2a3273bae7bfcbef94f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

    Filesize

    11KB

    MD5

    c624ae9f9cef131a374cbfdae8f97e09

    SHA1

    80322b0cd60d00fe8cf66cff2748fe1e8df9ac38

    SHA256

    c6d3d19f761a8876c64ac14a515dc68b8f7d7d83a619e0f4f08ac13eb23cc4b1

    SHA512

    66ea2eca24043a77281641b8795cc0a28b4d32816800e36f93b5b1b3c74b8cc7c92890f5959e999d2af41a009fc7193c697c741e260a154d063a562cfa76ff28

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6OWDFS6B.txt

    Filesize

    608B

    MD5

    f4e1641278e99e237ba6b1c7f7de184b

    SHA1

    8b7b9ee6eb1e7132d8c717547fab9892aa15a35d

    SHA256

    cd30521a414f3c3b92a46e65314451c640929b56897536b34b00361f46e62183

    SHA512

    b98cb3df25ae937351d976d7f403fb2469a23a6abd983e2fa7e0b117d86fb9cc7f2d9874974c5abcbc3d27adf5a71f15868cb026e68857011ee542bbe7c991f1

  • memory/2024-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

  • memory/2024-55-0x0000000002500000-0x0000000002576000-memory.dmp

    Filesize

    472KB