Analysis

  • max time kernel
    128s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-01-2023 17:53

General

  • Target
    Request_1-10_INV_236.pdf
  • Size
    127KB
  • MD5
    97d0e8f68b3f57d9a30fc01bb56da4ed
  • SHA1
    6a7ed2bc017749e89ec78071140cf75d0cee47f9
  • SHA256
    f12671f2c75f6775b37f4edb1f72bef6ead512102a9860be67cc0529971c72b4
  • SHA512
    dd9fa6a1c854e420f99d28dd04f7c555003d75817fd00ab75bd331a9842a6d572d4f48a7d948e684b3c9b3414487c28222929bd5a1b4c9559da0eefc77ee1e62
  • SSDEEP
    3072:431i8aurDTSoWqSHuov0kPp+eLRwikxFmaOKaUaUMC/uByslS:vG3SoWHRcw+elamrQ3MC/uQslS

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Request_1-10_INV_236.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://firebasestorage.googleapis.com/v0/b/direct-topic-372419.appspot.com/o/pmdlvfW1wx%2Frequest_01-10_INV-282.zip?alt=media&token=91a0b8c3-a22d-441d-938c-cd97723f16e5
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:884 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1772

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\request_01-10_INV-282.zip.pc2n8t3.partial
    Filesize
    310KB
    MD5
    1c75d3c92219370c1c9c26b447d38025
    SHA1
    d96fd01510fd413caf8b352b1d886c2d7aa54c6e
    SHA256
    45b9f455db544f13bdbbb69ee9b600545e8c2964dcc3ef097b435479cdaa1d03
    SHA512
    1518473f418e47f1bbcbcb1773c6f3186a5c00a7b74cd01297abbec0e14b714031b862d7a9fd3b233d522f6f7208a2c8a5e1dedea3d07be974c278f44a4a2723
  • memory/1304-54-0x00000000762E1000-0x00000000762E3000-memory.dmp
    Filesize
    8KB