Overview

overview

4

Static

static

3

Russian mb...gs.pdf

windows7-x64

1

Russian mb...gs.pdf

windows10-2004-x64

1

Russian mb...19.pdf

windows7-x64

1

Russian mb...19.pdf

windows10-2004-x64

1

Russian mb...B3.pdf

windows7-x64

1

Russian mb...B3.pdf

windows10-2004-x64

1

Russian mb...VM.pdf

windows7-x64

1

Russian mb...VM.pdf

windows10-2004-x64

1

Russian mb...al.pdf

windows7-x64

1

Russian mb...al.pdf

windows10-2004-x64

4

Russian mb...90.pdf

windows7-x64

1

Russian mb...90.pdf

windows10-2004-x64

1

Russian mb...2B.pdf

windows7-x64

1

Russian mb...2B.pdf

windows10-2004-x64

1

Russian mb...IA.pdf

windows7-x64

1

Russian mb...IA.pdf

windows10-2004-x64

1

Russian mb...ED.pdf

windows7-x64

1

Russian mb...ED.pdf

windows10-2004-x64

1

Russian mb..._1.pdf

windows7-x64

1

Russian mb..._1.pdf

windows10-2004-x64

1

Russian mb...al.pdf

windows7-x64

1

Russian mb...al.pdf

windows10-2004-x64

1

Russian mb...k1.pdf

windows7-x64

1

Russian mb...k1.pdf

windows10-2004-x64

1

Russian mb...k2.pdf

windows7-x64

1

Russian mb...k2.pdf

windows10-2004-x64

1

Russian mb...al.pdf

windows7-x64

1

Russian mb...al.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    13-04-2023 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Russian mbts/CleosRealm-T80_manual.pdf

  • Size

    19.4MB

  • MD5

    ec19498e9e3183780ba302638322653a

  • SHA1

    987b7462d80330cabad0037255d3c8e1dad7933a

  • SHA256

    1340cdb1fce316cdc28f954db9c5ca31b50a36f027628fae61136fe825a5577d

  • SHA512

    aedefc461c1837371e9af1a3d4b2861782b6169e5e018e27ee5a04037b24cde19f8749562a5827bc9cc3c1b58b84c8c11ac94aacd0d0f317914bd9ff6c525f41

  • SSDEEP

    393216:MPv24UBlkSAwZS+6OP0q8PqjzF2CdKZhtTGUMV7M/DF+WDP3JjP:MWxMSB0EQ2Z2C4LTGUMV2DLDfJjP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Russian mbts\CleosRealm-T80_manual.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.verypdf.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2df870940a9ed04b2a0da989b089dce1

    SHA1

    d103f03db26b6432ed025f7b33e8df088241d3b4

    SHA256

    ca6330b343ceb104c6a8e228c0e12b385a195710c7120af47863be15a40cd192

    SHA512

    f01200d26e22cb5a05c1fe953190de1a9c4a6edb8ec9dcefe2ee3b38f9cb70c81a756b2beb5fc00af70d869714526c27da738df7bcfc9f814be2926bb2c99546

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    527646df3b08ea1c7ca32c678807abad

    SHA1

    e4418cab10542599c23ab7bed3d78ab77a53236e

    SHA256

    a56ea6eca2dd3e4a4835bde2bf1206d5cad143ada76e61a35d32d33775b80860

    SHA512

    20815c817a9d59707b999188d177d2ea08140447d5e120466951a32f759317ddc7ecfd11d359b34f04969dc79976369f947f5397db6b467a9ee25050f04313fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    98be7e35cb7abe3be6cc040fea61d52c

    SHA1

    06685ee9098e33aa47eae7bd7a29d4ce319b589a

    SHA256

    eb1ba753f4328811568073c6c618c184cdd0ce7f341afaec8f72c5615d6d29d4

    SHA512

    098b45944708df0aa57aa35f86f532a17e5c247455d220440171c611d38a78274c1d370d7908461eb9d2c4ae957c99558f23809c00dc0e00dfd0ddf1de6bf7f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    446e7954d589b88f22f0fcefa8b12acf

    SHA1

    47dcb2436ee975874fbbf31e2cd8b118864a9c0e

    SHA256

    8dd68790b7f0b7a0837d68576e15079b5dc3fa299b1e8dfe75fee6ac01f7afb1

    SHA512

    0d364744388c1ec05797ad1fbefc7074fc356a74e04fa24995483f16be2c40b580b355a5769cb4eea386b59d676c02285a6d1489ecaf7f047e32a19bfcb5aff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    558e2892c7a43f0bd6798aa323696cd1

    SHA1

    dc5309488b847bbaf36d58436f45f1ff6ecefb9b

    SHA256

    d2b16d79762ccee1f7c1d0a9e7966b6ca1070b03d4a0e5fa00e9e7a0a4a9ca5e

    SHA512

    542c1d763d1927542e0f1061737401d86d638f098a0615e8352a92cf6a43d37a42cda6444ed8bee1e468af2b3c89270e0fbfe63c8239eb812a87552ad04950de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0e9a6cd49a9a391555cb070858b83112

    SHA1

    f7e05e207286a09c18a10bbe54bdd3011ecafd55

    SHA256

    1afd6d8b897928c55eeb29826414d9c3a8e10d41f8f6a8e813badf1398762d78

    SHA512

    49e63884b9b0898ca440233b858c528fd81a4683357a7bf9f0cdbdc1c4841968a550bf8f169b134a9cc8c666d9e9bcc754d3c566929805e11071cde1a9770cc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9df9a70f9630fb2c314b7b053b1460b3

    SHA1

    2e25211463cd7e82a96f4e2a942ec6ca4518da2a

    SHA256

    34b278f3cdc19e248f9f6fa91527055dd954e2c4df16d3e15049c1ac885720a2

    SHA512

    abb10ca2f52991402c8b148cd40bfb1515eb5673e2f10416f87014a23b7f020fda77aa682e6d95782a1e70252a6f16b7692d849eb407947f3150756846380889

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    88331834859bf6fe8b7d8c19559311a5

    SHA1

    3092be434b2535df098fc9cfbfc43963432e0a1f

    SHA256

    4c9f5fe621ba04c95ee7c9fa57ee7eb9088acb90a8eb6f9210f75c304ce35092

    SHA512

    fe90845f2ea43c04b8d654ecf968f811b8be494185adea2b2e37f51fe26dbaf5ef0bfc1e3c36895d2ba4846687c3c7ce30ef8c206046b4a1f436e8413d213c09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4531d3e00ced640687949bae3acfad14

    SHA1

    0bd03e21f0b47846f0599748b427cc8e54f0e39f

    SHA256

    dbc1a6f40c9fd8d47f8129fb0e44da5698a27d016adfdff90ce2a871cbb7e13d

    SHA512

    156363992a7734c41a710b4cb1fb2eae24dd09947c638a05af8a3dad8c0eeacbd11d284ff6efd161fab8ce2f3f7b401911c53a2024166f747dc8a160843c0b56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    886a8a44921e8d3640cc0f0ab5aa3220

    SHA1

    923d1ce53f5f9458e27bd374b04eb71a805e100b

    SHA256

    ea0a52793e9eb66800f784bcdde93cb5a39d8894702cc490da1e738791370160

    SHA512

    8112d5221accff34cd5eef3e8568b312d649b9bc8372331e8d1ef254ce5700566e684a5cfbcbf7a8690302153e8291d33dc4a783db50a924ec967835af9e754e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    03dbc01e385e374b530649c0a9835a80

    SHA1

    b530ebe55e8dd8c6f4825bec392a21798bb26a68

    SHA256

    e01d1d6f75ba3df04bc0010039e9eafb4e3729a808711e5e7c09a1f58f60e62a

    SHA512

    e642fe9b8d42970d7ecf0232c63826a99291d4cad2c2045b716ef0359cb343f3b0d045a30ab5a9742370d9749c7f2927f337681056d2b3529392c7a0778c9c22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    41a41c252319d43f74083205215ca6af

    SHA1

    759981023232e0d9df8aa35ab62c688b444f6ceb

    SHA256

    bd42af8b7f0a73b99511cb804a404b516d0209a68b659a86140e4d6794c569a2

    SHA512

    db64ad53d4a87dbf133a7308e1fee3157e55e4a05d3e8648f70055db1d4456545dd56ede4a5dd9322bfeb08858b895094ccc3820529edc64cb400c442f009539

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    01b29f77479b4d07273deb293876e231

    SHA1

    6b72b3ea8dd6d5200c31042f8a68fd37193e8777

    SHA256

    4b613dcc5b3ca23c9fa23faf6c887cb4820bc2ca47cbdd2d0d090604dcc7ca9d

    SHA512

    697fab315a570615202af22347231c8d7a7210a7975cb4d4a7c54996784d325d0a7fe96d55ed9d21cd4bdfe2617fb959f79fdafa03ceff7204f6db7086e78425

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    447d2db6a65103147c7d62d836b9002b

    SHA1

    f1b9e34347a4a880c983b9bfd04b1c6de8995ba1

    SHA256

    0c35a5d1cd70bdcfbe0c912e3072f09a913972984b2f3bf4f7172bcefc835132

    SHA512

    7abf13be365c68837cc7dc09eba371fe2e3f71cdacb78d8c29c7027e90caae1301612e3d08c9edcd8310dc9c2be0b379bf5d1622dea378c6725e09cbe15e8c07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    dfb5cca1264f25ca0e4d1c6b8909fe9d

    SHA1

    c86ba070afc440afee1f12123284da640c7a1896

    SHA256

    6068d36b0f5d3b523cbd6e8f6357befeb1c47b4c2e90a28a3ecfbd548c0a1627

    SHA512

    964b8baeec87e1b596d32dd2ded13595d67d4c56ce0c329597205c54c4d060aad652d05acbf8c57fd564807b847ed830548015af2c6cf6cd55679a4e7f2222ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1S811MAW\www.verypdf[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1S811MAW\www.verypdf[1].xml
    Filesize

    245B

    MD5

    1f6c19fa4f7ee39391fb56729f07121a

    SHA1

    53d0d233d844611837a93b4de002d37867c3c120

    SHA256

    125ba4a4642db754c8d4a0ccff0092b1487bf8e40952038eae1826db7ae90e00

    SHA512

    0441f0756daf25fcd2467252c3d1b26fa6a8617c6358a3e604dfe212acdde3b4e3f3514cf1058d49b3aa79be09b11a25a939004b528723527cabca08c1a44de0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
    Filesize

    8KB

    MD5

    2ebd9f7dfbd27439df3e44a5e3c0f0a6

    SHA1

    9a36c139eebaf843813f5ccc0800dda43c15471f

    SHA256

    a2a2bf32baa016e943e50aba4897db2da5a8a7bd0ec4e1b0f4817513080e1a23

    SHA512

    564e41078a6be36e63c2f11a45c94139de726fda87637083f8a27f1b8c7266476ec719f36cdd95f8f96d133ce3f7960c84575acd7fd5aa50fc5d42c3f927a032

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\suggestions[1].es-ES
    Filesize

    18KB

    MD5

    e2749896090665aeb9b29bce1a591a75

    SHA1

    59e05283e04c6c0252d2b75d5141ba62d73e9df9

    SHA256

    d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

    SHA512

    c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\favicon[1].ico
    Filesize

    4KB

    MD5

    fa468a5e04eb4baca0fe63b721ed6ff0

    SHA1

    47df3d8572c439c2dcdf0ce59ea8a1312b778ca2

    SHA256

    0a67a4cff7f4f649898f072fef442489c9f01588d75ee7b47bc6331aeb09cb87

    SHA512

    34fdf7b0ebbf3cdbbfac44eb434a7e2c7ee32bf89bcd4fa5baa3ea30df7f577ba7522f4c228e163ed81a648c19e6ce6485d42d066a4c498569696662dc5f0425

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\js[2].js
    Filesize

    112KB

    MD5

    e9c1b1ee8120a296baab700de00811dd

    SHA1

    b873815ca5279eac2b7250e9754ef9eb8c081dcb

    SHA256

    1c6943ecfdc166bdc153c91752558f062064767eec73c41be8bc31470a77af0f

    SHA512

    689acb6903445316eb855e0e709413d4b1dc147870b1cf831545ac11df9ac4fbb9bec72b4a69b784a3b0f074f3fa694b14be7471318cf663bbbf2d18faac92f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAB6F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAD1B.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\L3F6E3KV.txt
    Filesize

    607B

    MD5

    467a28247b1e82764e5aecf30b2c57a8

    SHA1

    53c497399308f8c935d8ef5589cff15a7b1a111a

    SHA256

    5d10984f898dfa0c8f0d69f41c76bdd01ad43aac41f4c9f76f28644f8a1bfc32

    SHA512

    d1dc73434018d0002c782bddbc52e2d323258df705cf0299d3f9d5bd8af047e5bd609df288b5d5a49888e8bd8e069c5e79cb9041ce7759e7bfe588b691f10496

    Download Submit