Overview

overview

7

Static

static

4

var www ht...r.html

windows10-2004-x64

1

var www ht...a.html

windows10-2004-x64

1

var www ht...x.html

windows10-2004-x64

1

var www ht...g.html

windows10-2004-x64

1

var www ht...3.html

windows10-2004-x64

1

var www ht...e3.xml

windows10-2004-x64

3

var www ht...ase.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...-1.pdf

windows10-2004-x64

1

var www ht...ed.pdf

windows10-2004-x64

1

var www ht...ka.pdf

windows10-2004-x64

1

var www ht...CH.exe

windows10-2004-x64

7

var www ht...is.exe

windows10-2004-x64

1

var www ht...des.js

windows10-2004-x64

1

var www ht...css.js

windows10-2004-x64

1

var www ht...js/.js

windows10-2004-x64

1

var www ht...30a.js

windows10-2004-x64

1

var www ht...a5f.js

windows10-2004-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...son.js

windows10-2004-x64

1

var www ht...x.html

windows10-2004-x64

1

var www ht...bed.js

windows10-2004-x64

1

var www ht...c.html

windows10-2004-x64

1

var www ht...0.html

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2023 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    var www html kemhan/wp-content/uploads/PDFReader_CRACK_FULL_PATCH.exe

  • Size

    1.4MB

  • MD5

    4d99ea28d2e65ab6090763f3e0b5890c

  • SHA1

    b26f5210d2d8cd04df9b3ab3e6406bc54ad1af60

  • SHA256

    db11ecd33f37fc86c233b9d972e9b9d877eec3d491c764b3eb3784feca757a54

  • SHA512

    37cff1b0361f56b079752a0e9d62c6226cd7abaf582b8e4cf9c059968e75ccfccaf021bee03c636205380abf562a4f16ea73232b45f18ecbf56a13c0eb3388da

  • SSDEEP

    24576:5y5f33KIXMojSzsTxYqdVV2JM1vTzs7MJZ8U0tirJNq4oCMY1gb//:oVHK+HjNTxmmLznKoS4dL1e

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\uploads\PDFReader_CRACK_FULL_PATCH.exe
    "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\uploads\PDFReader_CRACK_FULL_PATCH.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3232
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\READER~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\READER~1.EXE
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3272

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\READER~1.EXE
    Filesize

    1.2MB

    MD5

    a2e37f954986af9f88342b20b2965646

    SHA1

    b298ce01bc93e8391acca3a07c0d06021df30dd6

    SHA256

    8bc36f61610304148652cc7748ac1a215290f720d9e5e8df53d1d3b2c3c0e5fd

    SHA512

    a492235f0e6de5f93200e0886bf4d3d77629777f28a5d517e87c3bb45e4266f339ab6a66d889434e617a3e4cec7248b488fb1e5aa0a73b6498ed7ec2d4073e7a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\READER~1.EXE
    Filesize

    1.2MB

    MD5

    a2e37f954986af9f88342b20b2965646

    SHA1

    b298ce01bc93e8391acca3a07c0d06021df30dd6

    SHA256

    8bc36f61610304148652cc7748ac1a215290f720d9e5e8df53d1d3b2c3c0e5fd

    SHA512

    a492235f0e6de5f93200e0886bf4d3d77629777f28a5d517e87c3bb45e4266f339ab6a66d889434e617a3e4cec7248b488fb1e5aa0a73b6498ed7ec2d4073e7a

    Download Submit
  • memory/3272-140-0x0000000000C20000-0x0000000001057000-memory.dmp
    Filesize

    4.2MB

    Download
  • memory/3272-141-0x00000000015C0000-0x00000000015C3000-memory.dmp
    Filesize

    12KB

    Download
  • memory/3272-146-0x0000000000C20000-0x0000000001057000-memory.dmp
    Filesize

    4.2MB

    Download
  • memory/3272-147-0x00000000015C0000-0x00000000015C3000-memory.dmp
    Filesize

    12KB

    Download