Overview

overview

6

Static

static

6

1bc8bac93d...04.pdf

windows7-x64

1

1bc8bac93d...04.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 00:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1bc8bac93d30a9e33a301a63ba3d9904.pdf

  • Size

    13KB

  • MD5

    1bc8bac93d30a9e33a301a63ba3d9904

  • SHA1

    7eea3351b72ba3ec100c33cfbb243bdd9af12308

  • SHA256

    4fbd471f8b4a583032f824dd6e185066216b32f1e7a9ffdb2571acb47d24e02b

  • SHA512

    059cb5063182447bcaefbda78c6d386512cc3f1b9bfb54a15655360fbffa8ab723d634d5ad85c3c2ec224f13614a5a3d88dd8fdb706d4774a497d32cb0872d4a

  • SSDEEP

    192:5QhzajYqwAO9G+/vCmnmNTy1yJZJ0Zhrx7Rv5VCX0vQNi/60un/TwWzz3:OhzaNwAO9GiCHZLJ0ZhrrtQi/60G7wuj

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1bc8bac93d30a9e33a301a63ba3d9904.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
      2⤵
        PID:1860

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar44D2.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
            Filesize

            6KB

            MD5

            bddc348ab63339bd5af9e2da46b3de07

            SHA1

            a046bf089ee0719426e13a4b723f91a398a78421

            SHA256

            2b64c08f65b5ed88d8f73865ec081022c1fe6091c3f7a4d3b620d03029fddfb7

            SHA512

            6cb1b42948cfb84b22623e6da5150ddd6fa41c8871d09395443d7042332a1f329c852a779d689ff09e14c6d61885528db7303cb2e059610402d063fe775dec75

            Download Submit

          • memory/1700-0-0x0000000002920000-0x0000000002996000-memory.dmp

            Filesize

            472KB

            Download

          • memory/1700-4-0x0000000002790000-0x0000000002791000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1700-3-0x0000000002790000-0x0000000002791000-memory.dmp

            Filesize

            4KB

            Download