e14bc21018d9310550d1022cd4c3f6c28f3299ee4bfbf26ce9e11cc52f26fcc1

Analysis

max time kernel
0s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1003aab5743e77cf62e2c59c2f054667.exe
Size

90KB
MD5

1003aab5743e77cf62e2c59c2f054667
SHA1

5daf17577b655fad8fbaf083c94fac5f5a3dceee
SHA256

e14bc21018d9310550d1022cd4c3f6c28f3299ee4bfbf26ce9e11cc52f26fcc1
SHA512

ab7c630d0ad0192027417a6d6a940843102ff44b0c15aa916f8f64e914349c7e91c7f72f5e61569f29106fb7f39d5d9e86d13bcd412631b078a8d5efb32994f3
SSDEEP

1536:/KDqJvz2xyM40DSmJ+EWEqEbETDPXbJQ5ssrlHN6OOeV0RIqFi+zSxEBEHlHl9RV:/KDAfCDSmJ+L3OKXbJyxg/UUc+SHlHbD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2876	AcroRd32.exe
2876	AcroRd32.exe
2876	AcroRd32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17
PID 2368 wrote to memory of 2876	2368	1003aab5743e77cf62e2c59c2f054667.exe	17

C:\Users\Admin\AppData\Local\Temp\1003aab5743e77cf62e2c59c2f054667.exe
"C:\Users\Admin\AppData\Local\Temp\1003aab5743e77cf62e2c59c2f054667.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\yes.pdf"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yes.pdf

Filesize
14KB

MD5
5a10c129a9b73c33b323674c2796dc3b

SHA1
5f528dfeebb55ec49d7586f965ef696b58e113fb

SHA256
b24b07d158d009f15c4b77075f3ffc2e26d6fc7f4b47a1580af482712e85f577

SHA512
2e87e9257338894ea59374ba9f68123447fda4d15dc0f8a4c499b48670812613b29f8eaf0cd756a3260cd1e6087b5224bdd3b9ef5beb8bfec1a328bd2921686e

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
94003c7db538527a6a6517dbd7a4153c

SHA1
db8e6847e3383ec70c548976acdf83089e775600

SHA256
b25abbfcb07d6baaeb4fec86a60d6ce40f36a7037d95b560829664a2d4ee3380

SHA512
b132dbe63ce233dac5e9551a251a20e89e8a86ab2581c44535a8734e6b8d3c0be2851e290819a612ab8d8d2101f319a2b17da5ae1b7a22e7555a73101195a5ed

Download Submit