b284ee8f878f1699ca9ddbef7176aeede1958467a5908ee523e82b875a94241d

Resubmissions

16/05/2023, 08:59

230516-kx3kfsca98 8

16/05/2023, 08:55

230516-kvtvjaae7z 8

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2023, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

entry001/pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe
Size

1.7MB
MD5

d9f157520df687478794d3f45fde192c
SHA1

159f162eb0d59e875497ccb75c27a912275524db
SHA256

036ddff908b581c35ef6665405b0d13a3413aae6777ea4ab2d79588e4f6e6eec
SHA512

0fde64e28f4c0e7e9f285f19be402bda198381996347ba29269ba6a6249b06b353e081eccda2465f6ae6d38e3742b339d3b9dbfd422dc27782766deb2efbb849
SSDEEP

24576:27FUDowAyrTVE3U5FmbPs0PDPaJPfrT90eKc4cgFLNPfs8duMpmsD1:2BuZrEUFmDwPH9RHgFLRdp/h

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2140	pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp

Loads dropped DLL 2 IoCs

pid	Process
2140	pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp
2140	pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	13	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2140	2616	pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe	86
PID 2616 wrote to memory of 2140	2616	pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe	86
PID 2616 wrote to memory of 2140	2616	pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe	86

C:\Users\Admin\AppData\Local\Temp\entry001\pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe
"C:\Users\Admin\AppData\Local\Temp\entry001\pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Users\Admin\AppData\Local\Temp\is-F6N2P.tmp\pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F6N2P.tmp\pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp" /SL5="$A0040,875199,832512,C:\Users\Admin\AppData\Local\Temp\entry001\pdfill-free-pdf-tools-10-installer_ajgSQ-1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-F6N2P.tmp\pdfill-free-pdf-tools-10-installer_ajgSQ-1.tmp

Filesize
3.0MB

MD5
cb613617ed0189dc00141e550a602523

SHA1
03326feae682bf31304c1992591e6c480eac9046

SHA256
19ab73ccab6717bd71eeaa644b113d653d1fa8cc919f7ee69889506ecc3744ce

SHA512
3ad132242c2de8ffda946ff03674ed62d66c1487cbd76db2f389418f143ff8a34f089c1e6b4d0cacb90a1a0c3861dd0120e0db618a2d5b99d5e21df899ff49ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U8L4F.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U8L4F.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U8L4F.tmp\mainlogo.png

Filesize
4KB

MD5
600414f8599f861756a33ab816067f7d

SHA1
db0649b712e8ce3bc45e66ed239589331d2b89fe

SHA256
a5e4c876b51bf7562567c405805bfc384a8ba70356def6d4965699d8eca2a446

SHA512
cb343a45e39f5bf2252b25d41ad1b7cb5fffd6c46d2214e3a6383bb32018226e5b8ede7a8bd9d7c541b786fcbd179b2cf702dc254450b48d870b0b07e1d248fd

Download Submit
memory/2140-138-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/2140-149-0x0000000005520000-0x000000000552F000-memory.dmp

Filesize
60KB

Download
memory/2140-156-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/2140-157-0x0000000005520000-0x000000000552F000-memory.dmp

Filesize
60KB

Download
memory/2140-158-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/2616-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2616-155-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download