36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
22/08/2023, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe
Size

2.1MB
MD5

8df029a9915635864a5ded490b7d6115
SHA1

9dc2404438be54ab16fdae01547a10a13b63174e
SHA256

36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251
SHA512

d8861e65a863934d91d21335b3a81b1339f0eb687cc1e5f7c05aab19db3866ad7cde0feb1368f5e1de8494b89a073dbba3f8d06d2c4575b69149495d5ec6de49
SSDEEP

24576:NgBgtaeLmEOHrYh+ElL39A/rU27UDYQgjWP7hxAwN2+t9y4TTxZAqVOAf9Qn652F:SB0TLmXHclr9A/wPYQgylI9+k

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2264	AcroRd32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2284	36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2264	AcroRd32.exe
2264	AcroRd32.exe
2264	AcroRd32.exe
2264	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2264	2284	36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe	28
PID 2284 wrote to memory of 2264	2284	36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe	28
PID 2284 wrote to memory of 2264	2284	36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe	28
PID 2284 wrote to memory of 2264	2284	36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe	28

C:\Users\Admin\AppData\Local\Temp\36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe
"C:\Users\Admin\AppData\Local\Temp\36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.pdf"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\36b3ada9b5c38d82872da6878313df1cee0bb5a85b49a861e53b7dcae9b7f251.pdf

Filesize
110KB

MD5
e91d1097d2f274b746be74c5a2b27fed

SHA1
9e4dc7fc5c51d846868065cb5d25fee01c20c88e

SHA256
7e3e2ee12324611c872b84606326c6d1de8c1adab0dac2c3083ddad48769ba9d

SHA512
b16fe0dcde4294358891999cf6d511c5194210a78f5f46f6e74718e66a4694d4e43d9fe7ca32a4112537981e9b78eb5efbc683ec006076bc1a3518213943401c

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e7923ca639a9f0dd59caf0d368361e29

SHA1
0137c971300dceac87433f383dae5f72f1d1f415

SHA256
8c9d0dbd72eeee70a33a8290dba30cefd1ec16cd3d84793c1e7d875139b3093b

SHA512
fa610adc96442f1be7a792553078d551eb1a4ff9cf60ba431495ba5c49934adead31ce89927612c96ee67381eec1b4b90594f3716b18b7739937fb32627cc5c4

Download Submit