Overview

overview

3

Static

static

3

rpservices...83.pdf

windows7-x64

1

rpservices...83.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2023 15:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rpservicesofwiINV-234183.pdf

  • Size

    22KB

  • MD5

    7a25266f773351d9f95c0bcb348a5273

  • SHA1

    5bbea993d1e0025c07ee6f3b5b8f9c5fbbf26015

  • SHA256

    add8f5e2fb48285f61f489bab0ed52a850ab9487e83e0bc0ce9af5457fe16e75

  • SHA512

    e12fa8449c5f41b56b3d76b9495f16146fed5a0ed5f3de5fcacb52b51276bc08e547a4ded03f11242a819d6388fabde005be2324603c21c4e660f4c501099060

  • SSDEEP

    384:6wbWYZiyuhl5Nn8tdaMD8U1nQNguuN0YnAHm6ZgV2/FqEnRnTyquaGCzhp6sr:5bWYZiyuHnQuQAM2/FvnAquKht

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\rpservicesofwiINV-234183.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://adclick.g.doubleclick.net/pcs/click?xai=AKAOjstFA55hCSrFSTBDNko3225YAz6GkouTQlHjExWXRbT5OPMnSlE8Wh4LAVp-D7jWRr-LcKW0w-HH1g8lCVAK_eU-5azfUXfjqfTiHFOFWV9I8m2ZaGczGlov1iY8kMSnelCX-AHG6VYBmpcZJapT1XbdlOM3B9u9whYqpkxEpFLbkzwDao00-DL8JyS7UIxIApb_JHANRmtKLSuRcM8IWqFaP0cOc8n8jTedmwHc8oAw2MV2tRUaAnN3eaxaESpc8fovDeWslJ0A3duo5g46YzCYxQ8A56RI5MGcQw4TZj6TeWuj6jRjAe7g0X18--IBmztC1sUi6XuHkB1Ew-z_h9bv1XK-s_9L6zeDfQPtMsI3hOqp8T8545VdgCoElxs&sig=Cg0ArKJSzEpZ_YMvCKWCEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=http://173.249.58.32/rpservicesofwiINV-234183/val
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    154a4ac46478c775c9116ee69ac0b43a

    SHA1

    fd308706087df7297ae4da07e458b494a9c738a3

    SHA256

    d0079d1dfc025bb7fe3f21f15e85252cd04689bcd4d4da25e6774a9139214f9d

    SHA512

    2c49e341c2c3584e4885693c6ad0ab7bcc37a30df300f7a04bca737fd859b88396822070a10cd5bc83593a5f9ea6d9518a1f75aac6fe9737bd0bb746be1a356b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3db27868f9844cde22b4af9219d42096

    SHA1

    8c8250252f255186d1e92660388cc894b239e171

    SHA256

    144a517ddb8e5bdaff9c0ced6d329b72d40b5e068ebb9e72868908d017441365

    SHA512

    5921a23abf343f08a3b0b3c4bb2c02cdf9cfcaa2ba824648f84b705aaaf53756058bb76a0832ee232cff59b4fdc63da6d897e428500ed7cd312d40dbd218b76d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe26bcb5e6d27cf5d8320dcc2397c5a4

    SHA1

    b6a8b760639c19d8abd1666a0cd4c221b0b4ebcd

    SHA256

    3e1f06c26bcee30be4336ddd63871c46aeed6e5139f800f240ff9df3d655bd34

    SHA512

    460376075d03018b60a463903fc808582cc837657e5826e293a4ec110468e3f8e8ff2279144b4f36f8a6375d186ef420819152b1dfa316c1ad984d909272c0d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ac5ccc5eef6a664e98b2b210e3055c8

    SHA1

    1df9091e4b3b5e0d24671e2238145a44d113f929

    SHA256

    4079fb4258aae5077a3139223ca05aa11686acbc175615518b1097ac14be4b76

    SHA512

    5df4de3c8955dcb885498c6bc226c8fe947b531fccc1d40de6805ce7eae73a916ae6990f1ef0141b016de37ef68d35ff27ad45fd0e8393c5bcc417ef1d79778f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    41806aa9d11cbc130d0ed2395dde4d07

    SHA1

    ca73fd22ff7c5b4afaa34f5ce160fd93f4546d73

    SHA256

    2e563505e86e0c346a60700e53b005cc604c93f9d9027988e320392c7a862bdf

    SHA512

    0a6b7524761d55960060b805ca6da202e68fa83d9e9fd7b3d5647f0e991b8040c0096c4597f7e4a98f70b51cb1d04ee425641c94f71526340c813de8f90c56b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db4d80edbbae5e5fc671bb3ffdfa4eff

    SHA1

    15186cb9cdf08759f8c7da2ae3b6e49d439b8edd

    SHA256

    ebe4ba9ce94dc95cfe405bb151960d8a3cdc3107515e0ab418d51f92876322d6

    SHA512

    a3851db9f930ba8973336981d2c5f2b47338604b11a1857f44e24ac12b8f4e9a883947e00176242f5ae2ceb4393b823afd45c34723593fcf120eb1c577dff525

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8b83a03edfc946840e8817ba86acddb

    SHA1

    c7d3d7db32b1417f328b79bfbe36f55e814707ed

    SHA256

    78a4d6d17622760a556f30433c373f01b53a11feef170c589d80de37acf3bba0

    SHA512

    3ae1b643da9b1af2db8e1d25c3a8c06cdb4ca16ff9f9ba0df31283dac887054a582b5fe63c16ef8ceb901cbc9e4994c71d5f15490d43e4a2429b0e1356d30fc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f2cfab6e3a0b19a8a9da47e900e58759

    SHA1

    12c318013b0776eec4695ead803d11b21cec7cb7

    SHA256

    5b4786a1f23ee94d02ef48a03f60cc8ebcc906308f73268a39577709644a6ab7

    SHA512

    12777582fb8f525c2bcf472d175015ba903d545b643727e72c4ebd7439cbf5655e9492144cce95f12917044233966a706678431994822d2c3bc30a653aa6d5a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    25e7844d362f8a7c390501d8e729c3da

    SHA1

    554f75344c867f2533c01d699b2d865721ed96cb

    SHA256

    24903a427597a8cec14738e898d188283ae23e659e389911337928c6742cdc73

    SHA512

    732776fc12dd97bfe451b6c1137090d33ad77fd37a2d29a4a7d6c4de067b77cd3fd6813c283da0841e1956f368938c96fc8134e7d05c6ab951c94527b47bf5fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a912b88c8af296aeb98e7f747b02eb3d

    SHA1

    5e034a0f5926300699df196390c5f0cac1859209

    SHA256

    2180ffe52a3cc619f29e5dd7d841a47bc7d37bf3e554ac206475e77eb8b0f4db

    SHA512

    0eb861f8e2cc3558fbf7d6c868e92ed7ec32f008574bdef0bfcace364fab8946c24aa038fc7d8aa98ee4ffc0652c7f3ebaa1e6b7489d096401a362c5fe197fd4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b423aar\imagestore.dat
    Filesize

    10KB

    MD5

    786d8761c3191243ea2c7580c7b82ebe

    SHA1

    1c0d3b4022bfc181a3933813aef97640a2fe300b

    SHA256

    c866481e5c4646fb8b1fab1f30b75b82d0c3f9a08b022097ecf7903415c64dda

    SHA512

    eadcce522953f61b6752728e5b7ad0a92320545e8b56ed4eaf55ec6a26f287d1879a51144bb97f79087c31c116214ac76570c5a79828128b7b626200061b08c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RONDWLKG\favicon[2].ico
    Filesize

    6KB

    MD5

    72f13fa5f987ea923a68a818d38fb540

    SHA1

    f014620d35787fcfdef193c20bb383f5655b9e1e

    SHA256

    37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

    SHA512

    b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6AGJ71Z\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAB5E.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAB71.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5f9c0cecbcab436c27d2acc48b4166d2

    SHA1

    21090d425de6fe938fa7fd02cb9a4497c23fedaf

    SHA256

    f78e5ab75a051ba54a504c28b29c0a23c2fa42db46517ed7cf1055103e3cf7a9

    SHA512

    1d7745d0d9b98e40da1409be01d9ac757b16e98cc8daa70f657dc1447aee3304fa843789cae33c491b72680a35821d4b0a618e35926fc7c513955f377a671511

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\17DNPY2W.txt
    Filesize

    603B

    MD5

    515b5c51cc9253d9bf03b7f538a4ddec

    SHA1

    34a6d109404f4d371140f5f2d48be8bf72acc52f

    SHA256

    2fac0a68b51380106528b83419be913c9da55c53d71a7f2d0bfdf6c729fabfdf

    SHA512

    027f4f4006fabfbc9051f1f1f29ad6c551bdf54a1294f092b087aae7c5d37867738efcdde57594803729fcb9411614de13302f843167ed39c4ecd96db7f47b8b

    Download Submit