Resubmissions

21-02-2023 11:28

230221-nlek2age2y 10

19-02-2023 16:26

230219-tx2gtsga45 1

Analysis

  • max time kernel
    110s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    21-02-2023 11:28

General

  • Target

    x86/Acrobat/Adobe.Acrobat.Dependencies.xml

  • Size

    298B

  • MD5

    7bae8b27f113f2c1bdc4181b99117fe9

  • SHA1

    541f5fa5fa52885e0068a6b891537f254e334609

  • SHA256

    dae02d5688314c66f9001728eeff6010e8af413867dfe4982b6b2c66625d9bb1

  • SHA512

    803342e6b91c444128e3fec7e8f64757ec3531e4e4efb5e00a7ae4d7b1fc1cf1d4a42d20b1d986c1a4090567abee79be657983253bd9e8cfdd121a5cbdfc0849

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\x86\Acrobat\Adobe.Acrobat.Dependencies.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:520
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:764
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1656

Network

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion: Modify Registry, T1112 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\suggestions[1].en-US
    Filesize

    17KB

  • C:\Users\Admin\AppData\Local\Temp\CabF183.tmp
    Filesize

    61KB

  • C:\Users\Admin\AppData\Local\Temp\TarF261.tmp
    Filesize

    161KB

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\83N4GNHQ.txt
    Filesize

    599B

  • memory/764-54-0x00000000026B0000-0x00000000026C0000-memory.dmp
    Filesize

    64KB

  • memory/1656-55-0x00000000022F0000-0x00000000022F2000-memory.dmp
    Filesize

    8KB