Analysis

  • max time kernel
    217s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 12:35

General

  • Target

    PO-BFS-001.pdf

  • Size

    373KB

  • MD5

    89d39d7e2cec50c44892be3493af57b9

  • SHA1

    c1f34ae794507655f285416fe6afd25ef701c7b6

  • SHA256

    d566646c8ea1d1b25345139bf8a04bb3127e795cf137afc3ee585aba44fdd090

  • SHA512

    dcfbbec51e10d0a50dd80876c17ca714bc4d617150c8288511cf606d7a69b136113c2d3e19d5221e58fdf6457961594d4a6bcbab03ae46ba0ee2a8dfeb26f482

  • SSDEEP

    6144:EIpkj/nH3C2jC3O4vQibQMCfFazq6DTwInOlpJMKXuE:EgEvreOYQiTCfFazdD3SJP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PO-BFS-001.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://latestacrobat-adobe.000webhostapp.com/adobe/AcrobatReader-v8.0-installer.7z
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2036

Network

MITRE ATT&CK Enterprise v15

Downloads
