Resubmissions

11/01/2023, 17:23

230111-vx51padf46 1

11/01/2023, 13:14

230111-qg1ntacf89 1

Analysis

  • max time kernel
    120s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2023, 17:23

General

  • Target

    81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e.pdf

  • Size

    50KB

  • MD5

    aa47fae2416b63d0c8f81b4729f569b3

  • SHA1

    feb243dd802b3a01fa11474d4e4227b780c14334

  • SHA256

    81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e

  • SHA512

    09723c0359f6d56a9e6dc0c5597877c63468e86a80246157ae30114d8b4b549b6cf901559f48f56463b4da75bc047912e9710f0158093272619d217509fa47fd

  • SSDEEP

    768:yRlemGAcXwTmTs1uJLK7yv3JnmYsfy0QIDcpGc+Mo0hd+gd7wco5wQ6ZpkMaYrxK:SYAXR1uk70cYsKHRhpo56Zhrxi5

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\81e1676ef1b712b92e995e8d83465feae2e014797ebfa960af52f46773f15d7e.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%6F%70%65%6E%2D%74%72%61%66%66%69%63%2E%66%75%6E%2F%43%77%4D%62%37%38%42%5A%23%62%77%6F%71%61%71%6B&sa=D&sntz=1&usg=AOvVaw1sQM89pxMWYTFKCgGpxrd8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1896

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3bd73daed6017677e799fcf96bfdea30

    SHA1

    d69163634e2257a6d626718f86d9054492e5e415

    SHA256

    0cb457ed52ebed3d3aca66402c6cb7bcd6bf626195b77bac609f8823e78f60a2

    SHA512

    f6b30de42a9c4c094759aa36c8e860ff8980f5a9e3207d27d7fc9920d625204069891e3fd4f5c9ac0fc4052bde370173356e73ec969294210f59b090b6bda0ed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

    Filesize

    5KB

    MD5

    f25b90c1ae565716c001aca9548205a5

    SHA1

    fb22b30b3dc26755149b5dfd5af04d19158fccaf

    SHA256

    f1519bb82db105f10eca86cb8c3da65460cb29a7f9a9db824ead7b1a42366cdb

    SHA512

    a0cbdb5f4dcce24aa1205ef8b6983fd6dcf0b6d3b4aba685aa17ad18c8bfaa28058127a42e8e696ab35370f2940f10ccac7f2d4fa01bd2e04ea62ef6fdf7fdab

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat

    Filesize

    6KB

    MD5

    ce924d1a0857d37e300e3be83e1d97c2

    SHA1

    113e2c465577bc1603432832ed0085e928b172fd

    SHA256

    417215a7f3afd51229b672e9a8d9fbc6e943bb12ea3718e4cc1fd18f1dc0ae41

    SHA512

    d9108cb4e84507b7eb2f0445ca88b5a6da978b04f1ec1b7f46c5dd263e65eaa77865214c8c6df185815caf7ca1a3bb2fccf20901a1c865cb3485bfbd7b904984

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MPGEVX1S.txt

    Filesize

    601B

    MD5

    875c6e89ebb724617c15b05ffbaced82

    SHA1

    257d3c5ac034469de8d8f04143622a882a0da1af

    SHA256

    9f3864ca39060a874eddba26fbcdc1641051766a5af513cc7ba19ff9e588f720

    SHA512

    ea282a679030d16cb7c334d25caa8a1aa8f7e1d67fa9c257d45a3240d8d3221e00e1e939c53c8fa0c871c0d899017edc4f59fce552ed849fd7ef478bfb9d768d

  • memory/1532-54-0x0000000076941000-0x0000000076943000-memory.dmp

    Filesize

    8KB

  • memory/1532-55-0x0000000001050000-0x00000000010C6000-memory.dmp

    Filesize

    472KB