Overview

overview

3

Static

static

3

USD_Invoic...ce.pdf

windows7-x64

1

USD_Invoic...ce.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    94s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2023 12:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    USD_Invoice_765765_Payment_Advice.pdf

  • Size

    133KB

  • MD5

    ebc4b42372af7f507404ade01706e894

  • SHA1

    66a91171e7ff40aabc6d7402270a597a3deefa7a

  • SHA256

    e0fb9a79ce8322e0ed1664a2faec68eb29759aa558cfcc3bb147613dbc83d024

  • SHA512

    4bb6e80b19374a8035e9bb3c42bfc6b91beb1269784561772291f7666756969a167f1e1a7f3f66437ebfef4ee5fcbb298d3f5ea5bbbc7a99cf8c83de25d5dfb7

  • SSDEEP

    3072:c8Rh3Afi+h4P/gsNzvXxjstNlr+7KX7XjwMRb:cYqfiUTOXxjstjrwKX7XjwMRb

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\USD_Invoice_765765_Payment_Advice.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.bing.com/ck/a?!&&p=8c31ba1436b79d3cJmltdHM9MTY4OTIwNjQwMCZpZ3VpZD0zNzNhMjQxNC0zNmFlLTYyNGMtMzE2Ni0zNzU5MzcyMTYzYzImaW5zaWQ9NTE0NQ&ptn=3&hsh=3&fclid=373a2414-36ae-624c-3166-3759372163c2&psq=site%3amoargxzoo.com&u=a1aHR0cHM6Ly9tb2FyZ3h6b28uY29tLw&ntb=1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2896
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d0c93077288b2694b8ee3b2e17455c7

    SHA1

    0bd371aea247972e8aa7ee2a6148de8c170d0d1e

    SHA256

    0048c6c0c292a656179c814514578b47943f627bb6ee587867482518accc9f67

    SHA512

    8f3e9f23aeb84388f71857a433188d88cc9e5090bde3b797adc0728644f1c2c4cd7f7768df8ea6d3bc648e6f52ea32ea3cea7e5c8ec76ee479e37c37edd220e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66b38a9f8f124f4ae042ea057beca1cb

    SHA1

    7c0005e516daa8bdb656be9e2665a021be1e5d38

    SHA256

    9e01b18c1734b9b94057e05594c31f00cd2c29a5ecc4c5c4b9ecb076ef8fa26a

    SHA512

    bcaca031ab03dd0c6cf95829220a47c3ca0f9436440628509f2091b7dbfacd55d918f8c86d5b8e30fd28d764032cd52d3283ac6d4b0d10520a0f39b3a6416b07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3ebd5d18576e02ef16896fb3fb53543

    SHA1

    fd62210207bf1a4c3059c14f1d19f8fe266792dd

    SHA256

    a99045cbd2e405a0698679f02cab591612290ea021ce46247a07c91c2104e39c

    SHA512

    ac69308fcb52272ba787585275cb8c504b3b97fb43ec6ae6f6849ac5432f07247b94efd6e7a9c2546765cc1752e56004ad69f12c87740b353eeff6fc24c9331b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2357ff8c1c13f2a3e0da73df0a05680b

    SHA1

    2b72b49c26a00d06eb2bd4d9a952e59b509bd1dc

    SHA256

    32d42f6e27cf9bae4c0dad0d7d0b7726990a24794773d9a224bedfca1768e581

    SHA512

    186375d5bb4ae01d3f6e7ee36f976ca16e60542d78a29a6ae4f53ee5e0c243eade7df48b27934b3c002e7037e7413b75db652c57a807eb276bbbcb3847a7daca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    258050fcd0f4873670208c6d10615817

    SHA1

    56d2f428948f926c8d9a9bae3a27c52a9d5ffd3b

    SHA256

    dcec8037293388f1ee3f168bdbeb41c9ae54e6cdab9eb30c1a603595cb0823a2

    SHA512

    6291f6f2c58393499ae4c2fd93f633c7cbe5d93b1b0088d0622a3a487284613eb4954a82d491dade43e175116d5df8332a636b7b0fe3688690328e860dc06bd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e18ec7f75af691fcb91ea76a01e18859

    SHA1

    80be43d7000cdcf0842b342dca110f8a5b76b5fc

    SHA256

    29a273a2700d13954f8fa416c7c8c6ff1d6c2832cf8deb2b796da11eb92ac790

    SHA512

    b28087f6b371130076dccbfeb8d737ed711d02bebcf08aa9e31b9089dee4c2549c75c36de77b50f73d034a3be5952602ca62a6c728404eb73295069a753c7aaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87aeb8d741bac7fb9ee27089929a7dff

    SHA1

    0ce2550f38efbf1a61d57509d3b064d5f2c99712

    SHA256

    a63a0ea7753136ab6ce2e90d9a44bdc941412ccafad55d0b1b6268bd0e1cf3d5

    SHA512

    d36dd8f03460fd64312a610c9444b792b15928f9915b4a3b82d7a120116da4b35c75662582e74c9624a74f82aa49cfe425b375659be5b804685d05541bbc79b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83f46d1511e8d3ef857e0d735474ddf2

    SHA1

    ca565b92a8fac5b61452d401ed153d0e73a66c17

    SHA256

    e3fc0b791519a80bd6311a9b6996641c5c0e30de27bef1f86f4623fc623c455c

    SHA512

    0231f5921aab71bb1b619673b5dc226d65e0f4706e2699010dc4ccd6c3b5a06a59da1b760f679b851af1519bc93f8d60ec9a8f3672debb5b626b5f35273847cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63afdd61044034e31531a6a33dbeb9c6

    SHA1

    36a4afabf091c5d14d8d97f0e58ccc4ba0d842d5

    SHA256

    ef10d1611e160b4b24395d2edf2238bcfa9e44f2d49b8da3b8e637b0e88c1605

    SHA512

    9cfd07b358633a8c572de13fe14c3fc5ccb69e39bcf18ebe846800a69afb0a8ce2cb9759beaee6cfe950b5130f3550e25c7f7ce224901e0332aa8041edcad4d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cec2798bfb8d21cb3e0276a44c5b5b8f

    SHA1

    5e5ea4d728d4e3435c69bd75b33f6a55efece1f1

    SHA256

    229033a07388eafb1578e0115fa99bc3fd6a123b381316fde8c3ce6d6940e8b5

    SHA512

    b1d462064aa60e8400fb2e3e6ca0e517a99eb9e3175389c4fd4d93e7895f5bb646c5aea392ad489c645b6a62cf04e6623af3e823551710a8a18df78a9e467e21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd5ea27dc9129e88164e7173f7ae51ad

    SHA1

    226a2ea009f1d19e7f827974f3d62ab90c274623

    SHA256

    24f835f5858b048abebee60d85128e060d18c769b2b145a13a31fe813f984f62

    SHA512

    eb610b99089297c84031b1a983ab1f8b96decd6035d60daa510fd9c43dfe52cd8d4c07e6df1621563a237d1d74bf9765a9721554b8040980ae5ce3b7d0f23cd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45aab389f4f32aeb24322615802206be

    SHA1

    6603715035d6b5c2ac8753b3fec44dec1619c665

    SHA256

    cb1a382a0b27f615f2da171a0cffa0c7e71b235559521dc6cb5897b279bc43ed

    SHA512

    4eeb71ee953d96c70d14ba2f082eb5cdb841d94dfa806eb9c8297992b19d2744491c46c398febad68f1ea19d3f4da8719fd601008d85d9648b821cfa5d6675da

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b423aar\imagestore.dat
    Filesize

    9KB

    MD5

    f7062dd0abcc444b82c76bd571f3b6eb

    SHA1

    982e9015fda41be35930d2660adef4e161eaa172

    SHA256

    d90bcb4af8dbec55b359f8ae43dc2356b8787eb70220e35cb7c64d4db2277c5b

    SHA512

    1ee0a76436324a10a29ebf54e902bc5b5e2f53f59e50a95f2c76243d83b921e53bc54a3d561090076e49618153c3260cec610bf9bd03d09f06df9951e4e06500

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b423aar\imagestore.dat
    Filesize

    8KB

    MD5

    08c068510a30a53d79b47bd32a853df8

    SHA1

    7d9678c04b4e83c494a36407a6b6bb593b854cf1

    SHA256

    1a74ffeda5a8d7fa9f682c2b0c6f09625784e055cd2caded62cf5eba9cf8920f

    SHA512

    4d390867233a764fdaa23640ba0d9e36291ab60041dc2107d72edcd6c77c6fcba496c2be38421075fc3dad9d7e8ef79efaafb6de3196587d42634d377b20a32b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIGQELFZ\favicon-trans-bg-blue-mg-png[1].png
    Filesize

    308B

    MD5

    bda49766e2e7e028ef09d0e34988ecdf

    SHA1

    73fed2c00c224aa0df89397ec41488d63975c882

    SHA256

    5cbda906c7db6d50c7e200d73841a7bb7404bcff1b3c9121aa5bc79dbc608b9a

    SHA512

    2292945b9f53d495b9845cde7fdddc6890edbf00262314691bdc609d81dd6521ad3bb687766a2291077a1848ef49bd04a430c96503eb3254dad6e932963c9abd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\favicon[1].ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\favicon[1].ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabABBC.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarABDE.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    fd927aaecf11cf1fbc2bc19255aaf85d

    SHA1

    3b8e689a147449df0f6dd11187896d76d682c3be

    SHA256

    7508106b18a2dcd58efa9c964d34e234066fa585f89c67ff97659ccfe6d284f1

    SHA512

    9e89afdb91df2b2582996266571c149fbd1cc27f888d951de642ac053ab3fa87c0acd0704ff7a598e6bf8a33222aa1087c09627b2014858e5e69d4e7252a4f55

    Download Submit