Overview

overview

9

Static

static

1

pdn.html

windows7-x64

7

pdn.html

windows10-2004-x64

Analysis

  • max time kernel
    1592s
  • max time network
    1594s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2023 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pdn.html

  • Size

    5KB

  • MD5

    23b31833a31dcb7a9409b68f3c36b6d4

  • SHA1

    70bb69f180320dda3e79a5d2626a1b22b0d22009

  • SHA256

    4f2008007e37a831c0198f631a90d1bd654054aab269aefc4fe9b1600bdc6a8b

  • SHA512

    c85c8fe434a514d06a0c554721874e1f1b189a4a390669f0c254ac7f65b5e313bb4e40d179ea52e5bcdcedc0e57c85470968770f19cab72ff7eea305f999cdb8

  • SSDEEP

    96:DBRUO0qOEZp+jAZbzbnR8hQMwMZAYcIVVCJmqeSLSTfS/STQwBdSTCPC2yyk/lkq:Xd46TnShQMwMRkmqb2eKJqmPC2KXqTCR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\pdn.html
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:592
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:1852
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x498
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1476
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap25375:126:7zEvent3261
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1604
    • C:\Users\Admin\Desktop\paint.net.5.0.2.install.anycpu.web.exe
      "C:\Users\Admin\Desktop\paint.net.5.0.2.install.anycpu.web.exe"
      1⤵
      • Executes dropped EXE
      PID:1788
      • C:\Users\Admin\AppData\Local\Temp\7zSCF68FF8E\SetupShim.exe
        "C:\Users\Admin\AppData\Local\Temp\7zSCF68FF8E\SetupShim.exe" /suppressReboot
        2⤵
          PID:1204

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      2
      T1112

      Credential Access

      Discovery

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        Filesize

        61KB

        MD5

        e71c8443ae0bc2e282c73faead0a6dd3

        SHA1

        0c110c1b01e68edfacaeae64781a37b1995fa94b

        SHA256

        95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

        SHA512

        b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        55e3d5c675e781fcb01ff798d2cf990f

        SHA1

        5d811a16fa9356f3abc68df655fe0c34409f796c

        SHA256

        ef0a2ba47bb9119e65fb2ac41f0ff6e4a40781a779198e6bba4db511cb621308

        SHA512

        b68101a4cf7f659b94b3ab376124e35b3a75df9cd12af8079663fd6976f2eb8512328edc601ef1f4c9a2b1a18f2bbcf9e100d9c5ac53d3c6120097099c457879

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        a3e35a61c3b212ad3c9c5c25210a3abc

        SHA1

        a57fcd85eabd0ad604eb7fa949c0072701f21d5b

        SHA256

        57d9df9b9688298711408016d682e385fd715ae9f29ba494456716131b8fefb3

        SHA512

        49cf581a0dc1845afdc993b9229eb54aa8084f93699b35f71000e935957a913908ae1ea59b01e5bb46546556eda771b10727c9fe7c5f1d9a2ee0801363ce6c66

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        651c246c85bf657a7f8504585b04f538

        SHA1

        61f134754509338b9a9ef223a90a9b41924dabcc

        SHA256

        522f77665586ca89d802613b22ff4fb164198b8ae543112739f59bcd1f5ccdb3

        SHA512

        55bda6f24072e30b4fb490ce90f079b23931d7b045d324a67f336d34692f7a1e3d5129d5ef5367fff2e7a1011ee416dc5e032b99169a26123922205384a94165

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        ddffa3fba81be3d6075556360d6c4125

        SHA1

        657a253e5385f9dd88f7c596a0b07e8ad4e3e513

        SHA256

        9282092bf99b14a9fadc03aa4ae60c391d2d35c8ae00f78036eeb60bd6577e8b

        SHA512

        42349eeb9fde5a432d9d87c1aed2c1d5cbd2219731063fcc0bfdac270744ea7064b962f34dc48ec6160806b04379726a89b3133c812911a930cafa191515ab84

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\paint.net.5.0.2.install.anycpu.web[1].zip
        Filesize

        734KB

        MD5

        e89beda41843c048e1ac4272433daa6c

        SHA1

        24137615dd6eaa6b465aae19966622f1c6be85c2

        SHA256

        ed96caac4a2ea5f3c8a295008cde2cafa667820254ae80a1cd87a9a494f0c739

        SHA512

        30b2c62cf1468afeb8ee8578dc7ccdf5413443bb1a010fec1813c576678a178349e66e4d6a0d00c209102ab460f33e7bb031e0ff1d686a77bc05dde6be2efb51

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Cab4176.tmp
        Filesize

        61KB

        MD5

        fc4666cbca561e864e7fdf883a9e6661

        SHA1

        2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

        SHA256

        10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

        SHA512

        c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Tar4178.tmp
        Filesize

        161KB

        MD5

        73b4b714b42fc9a6aaefd0ae59adb009

        SHA1

        efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

        SHA256

        c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

        SHA512

        73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\Tar4323.tmp
        Filesize

        161KB

        MD5

        be2bec6e8c5653136d3e72fe53c98aa3

        SHA1

        a8182d6db17c14671c3d5766c72e58d87c0810de

        SHA256

        1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

        SHA512

        0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\~DFA98B5024A1F9F31F.TMP
        Filesize

        16KB

        MD5

        b6a0f52a0d0308601442892955688114

        SHA1

        7793570cac92cf99de938aa18a3bb5d377d6dd7d

        SHA256

        1ebabfd65b2a2889a2e1daff20ccef1e4d052bc8d17bea18b4aa26dec1cd8a16

        SHA512

        29a0794d54a88cd65d5a75d9b825a21b9cf277b710ab022cef5d1975ef7c03ecd0450500f909a78bb47d0f461cbe49c63bd48324d974ed8a1741d51803982331

        Download Submit
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0JAY33NO.txt
        Filesize

        606B

        MD5

        ce2a0c96e8efd2220e5b0f804f24ea37

        SHA1

        2a13d5b3774c2fcf2d77ede253a09dd94959d426

        SHA256

        22073072b633f70205f4134fcdc82802990c4d8ce9d0d862cfdfab0ab3ba623c

        SHA512

        629c81f03aa77b67e7f46f9911622eecb32da9cdabefe5df7cdededb554c38fcb231633cc968874ca9266a31e4c6f55f5afd812442b35bc7c77b6afe1959088e

        Download Submit
      • C:\Users\Admin\Desktop\paint.net.5.0.2.install.anycpu.web.exe
        Filesize

        1.1MB

        MD5

        6a5e8c6eec9ab6ed7088bc35739e52d5

        SHA1

        be77e05970628d62c65b0bd609ef7ab5bb705c8f

        SHA256

        9d3edf7ade8ce94aaa6038e894562229e002a86840835e573caf1116e7b928a5

        SHA512

        e56e5356bee8d6d942f1bee7acd0a31fa03f51a7614df6f7bcdec89ec26cc3e7ea686892325938e7156f23c78814e0a9f04eeff255853939b157004ed6c12ed0

        Download Submit
      • C:\Users\Admin\Downloads\paint.net.5.0.2.install.anycpu.web.zip.7y4yh3g.partial
        Filesize

        734KB

        MD5

        e89beda41843c048e1ac4272433daa6c

        SHA1

        24137615dd6eaa6b465aae19966622f1c6be85c2

        SHA256

        ed96caac4a2ea5f3c8a295008cde2cafa667820254ae80a1cd87a9a494f0c739

        SHA512

        30b2c62cf1468afeb8ee8578dc7ccdf5413443bb1a010fec1813c576678a178349e66e4d6a0d00c209102ab460f33e7bb031e0ff1d686a77bc05dde6be2efb51

        Download Submit
      • memory/592-55-0x0000000002970000-0x0000000002972000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1308-54-0x0000000003060000-0x0000000003070000-memory.dmp
        Filesize

        64KB

        Download