Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://qcg-media.s3...

windows7-x64

1

https://qcg-media.s3...

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 09:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://qcg-media.s3.amazonaws.com/media/uploads/615371/2024/01/20240106_608072_020230829908256CanadaRevenueAgency212.pdf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://qcg-media.s3.amazonaws.com/media/uploads/615371/2024/01/20240106_608072_020230829908256CanadaRevenueAgency212.pdf
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
    Filesize

    1KB

    MD5

    55540a230bdab55187a841cfe1aa1545

    SHA1

    363e4734f757bdeb89868efe94907774a327695e

    SHA256

    d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

    SHA512

    c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
    Filesize

    230B

    MD5

    d2045d598a5f63bd038f91078a1fb224

    SHA1

    3cf90bddef741a558004ed88d13306f40e986e64

    SHA256

    5ff0dac1a69d7ad3f89715a1029e24b526eedbd6ebac10763834087aa6ebc2e8

    SHA512

    e087524682b9eb9f21d8ba43ff821234db6e7606315200d709fbe3cec7bbf6b61a980b5cc0ba54acdff98a647f5a1545dd1f028e5de3255c5c7e225125f98ac4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ea4ea5d9ebd1511d11708950c844a64

    SHA1

    9b8d3cc57c0804ea3d1268018cb91f21003a61d8

    SHA256

    539c9daa5ea26e32be8a0d7bdeb99765623437f521b5f6752f2f77fea6e35069

    SHA512

    2a3532d7d5e9905fb360aed3cf23b7f1cccfd6a9cccabbd7315a815a91861a46c4d9d7acb2612796a4482f186ad7f3addebc97aec2f46e9d47e00c063618765f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d4dc58e381156b3abc82db5a5f4fc84

    SHA1

    c67387f78f0efecb028c47faa14c99b861c41aaf

    SHA256

    d0aee0d46ef59bf4aa2f6417c9c6a82d22fce93a679dbead61baf3128b6a3da5

    SHA512

    481a520ca8db540a566994dd411066f43fe37e1fae2b70f3a9dfc00a7db3d6d709aa81b62eed327f20bc0cd31f6bf248ad9b5e5e05d4c021f04dd77a01d356f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba88b464a64bd3e7400b5854f5aeb491

    SHA1

    4461a786aebc19df2a5627fd45445b4aebae3a70

    SHA256

    69b694b7cec077d438618dac13134dda10f5658e583baf305adaa4aa469c0729

    SHA512

    18ea9ec8a60d17c1e0c5cc98e9bdaa012b92e876538a5b35395bbe7071ef2a0ee0662e71b57e394160a2bfa5bd04a467c99853297398869d4161b1556a0bea5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cba94dccbc51cf5328594ce3a27711f1

    SHA1

    d6ea1d5272f3d0b05b3b7d583a689275dc91bef4

    SHA256

    7c936afef3c3633268c9566c720353931c2a170bd876f7f20440d8b28df7c031

    SHA512

    c5ce6c85d3e0ff793f90a371d7228c3d57cc4118479ab6cf5eb6880ff1a3255f909c0d722d29842ec0a918e52f9f64f2bd585396a382ae151cc92c706e268154

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0827a6c3cc76b779bf222260b0fc604

    SHA1

    7332e05d7131477a599a241915cb98a22a84ba42

    SHA256

    d4b6fb830a947f9e2d64f6dadf1312d2416e9e82c7c5cd7396366461b7275124

    SHA512

    ef42d2c066a18ce70bf16c0be9bbd8ecb1680dacd5a385cf293f53203791de2cacff1adef24f87bb2277f480c27045a9a2c8afe713fa39c23a8139d6d1377bae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5acbc333b1a290c756a34dc58feec14d

    SHA1

    efa95597c53ee8997637c9a12d1be6b4e8769018

    SHA256

    0f1d070518433aa7244852ec6aef5a4125c31e1e13b7a02b3a779605973cbbc6

    SHA512

    86bb9495582699dd35d382ca1ed32309fc14f05d7cbed96ec1cb4e268dfd3e01a4cc3ca291df84dc6b7794cac3520d10c858fe7aea9a2a903c9d278b1cc4ec77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    197318b10643cb7e2d307b780bc35ce1

    SHA1

    60ca6e647ccb6c593585c2a6363962f223007f42

    SHA256

    f4e8a8c6f7c927df6df5f7b04fc904efa4a163995c6370ba51552fab7c778f12

    SHA512

    3b95528d8d8cf2ed3a17cb308dc7fc93031dd4a242285063d166024c5198cfaf5b1d20a20d5579d185f1627ef1701576d741a665f3a6dc99bdcf782f10ef0da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04ec5cd56b812c28127d236c1aeb0877

    SHA1

    dac08824c6d2c9c885669e9fe9e3e36c9f05a65a

    SHA256

    d199450f843b0dcf413e8d94cf1a151caa55a5f01b749675c9b6e8454c600cff

    SHA512

    d7c8ea49b6c0a3404513c2b9f1a4eaf5de68a92ddc55eb1618aa65cac7bb8c122bce6b744a834c0b54ba2c5fdc3cc45522d0e76875467129cd3de7cb7f833d50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23ea77c390538473973664984a8c1099

    SHA1

    f5ca5d5f80ff50f3fa27edf385da8f0ef7872b63

    SHA256

    90e7e2cd3875d9c15ca629151e2055d432600dcfd3aabeab9341a22f6fae7310

    SHA512

    a3cfd3b9cfe5b487b304e5f186fc602d3d6d9d2173eeff4105446030a4bcacdcd846adfc8bd5dbbc6c407adcbbf0bbc00f261d297c1c988b40df9bb1eff413cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c33341f8a4c57255d5202cef49f07f78

    SHA1

    b1c9c07ecf7e2d052e5f659e219114c6097297bb

    SHA256

    9e9720b5dbf75171158f519854bd912e006b13ca90079ec88ec5f12a6a9c4745

    SHA512

    607a2bd30b196540a8bc1209686ccb21a477e2d80f7c7e29e46b71a1e18a8d8fd40d4701730e771d4fcac5bf788fd50e111e38d2426bc35fee9c49f73250176a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    035442547b71e8084c0e100da3912efc

    SHA1

    ca9c625a58db7c18cc9768763cc918c35bb97f3d

    SHA256

    c057fcd36820bcebb6c067ff237ca5664b3bd55d4047216b429fac3ae459f45c

    SHA512

    37c5a9a83b24e68230e5269974589d4e3c335a411991529a812293ff4ce532df8f6ab4176e918a4a27fd4f44e7c9a03a06e2e086225954b7fd350fc604a890ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93322161e46e5cba29431378a1f20e08

    SHA1

    9776c43b17f3a8a3e737a9a5d5296740e037a719

    SHA256

    4f664581f3a4c7cb241b2080051adaaab05dcb4e76fb0eda2e1926e96bee9066

    SHA512

    ede6bdd075a85fb69c5a1fd414804aca2e82843eca258ff3745e7b6f32a9fc5ab67b4ebfe74c6927e6c0d849fe72ebeebefffba848210da293904ab4f8c0ef29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    740d1fb5c5677233fa8688c24f5d3d67

    SHA1

    d3c815208a248898fa397dfcac836cf4e6a133db

    SHA256

    91e31b3078f49975465d0f3e535b3c417a72a02e6bfc9ce834bbfe7ceb2cf810

    SHA512

    2b539342939439df4d03b3b52541ae310fdb6fbe52fc88fa23022298027fa038eb87ff9b64366b76f21d808612864eb7e65da9cd48a0a4060ee7db0199cbe3da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0b056bb5064c06362f0874d3ddfb333

    SHA1

    041d674435d3e7481d670ea8e6a8e2fb13bec59d

    SHA256

    7ed6caa3356a7f8375cc0f195c295839fd7535cd590e9dc361830d6dc6352a9e

    SHA512

    404fba7be14d1389469e37fcedcac8428c8a33de050da539a2442b5d59562bfde73a1017ba052e92cd00bb997217929a4da1a09fbae1297c3788d23fbf09119b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    589b4b6b2441515f150236a48d68d8c7

    SHA1

    75e023670a8ab42b4f06b2d69c88ec5f8f922c80

    SHA256

    ca5fad940610f1e5eed0d37828996018eff61d9511d1c3ca640780663de069c2

    SHA512

    421f3570a292a8f5ac7749e57ebadcb4f20abb2a4a60e252e3ccab477be5c6e15e8be5bc5f928374e6476f4fe953068df62140093fddf0e4217c9010a12329c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7B1B.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7BF8.tmp
    Filesize

    64KB

    MD5

    69b8e2fe3bb7142b759bbc3bd3092cc2

    SHA1

    c55b032e44415d77a1a2f3f6c6c049b7cc32afd7

    SHA256

    d31cf766104ab57466eca8c74b0b1dc3f7729270b60df98dde747087ec3e8bb4

    SHA512

    c3b3ca6861a0e35822f0c5b6085f7fc1444b051548aec4362723d1b7a14b72cd832335ca29eea23ce8f9fb71f4ac76c6bf2b58a220722e7843461bf095970b7b

    Download Submit