71db699116a58cd4dabf117fcadaf612492d8b2e5b82752328412e97d92a9326

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Scanned Copy.pdf
Size

39KB
MD5

0014e36cd355d92b36e0f61960ea61b6
SHA1

6bcfbd052d102b5f134c3f12792b5e795fd4a277
SHA256

e8d549fffa06076868e012e0fdecbfc636424668b540743c5528590186992e3e
SHA512

d01509c7fa51ff30c49ce78a0685c9355565576963b7ba24d811c916cde935f8cff4384d7d1f9fceb585cb86da6c9be13c3595e066a6c6b5dc95cdca5abb7db0
SSDEEP

768:RDMq6WkFuhEeCUXBUm2RRUIrCAfQUjptjGEArIAmoE1gvP1TTKgIZyDfslm:RDMq63ulCUXGm2BrCQQU3SEAEAmQv1Ky

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{441D6121-00FE-11EF-B33C-C2439ED6A8FF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

3028 AcroRd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2024 iexplore.exe

pid	process
2024	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

AcroRd32.exeiexplore.exeIEXPLORE.EXE

pid	process
3028	AcroRd32.exe
3028	AcroRd32.exe
3028	AcroRd32.exe
3028	AcroRd32.exe
2024	iexplore.exe
2024	iexplore.exe
1440	IEXPLORE.EXE
1440	IEXPLORE.EXE
1440	IEXPLORE.EXE
1440	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

AcroRd32.exeiexplore.exe

description	pid	process	target process
PID 3028 wrote to memory of 2024	3028	AcroRd32.exe	iexplore.exe
PID 3028 wrote to memory of 2024	3028	AcroRd32.exe	iexplore.exe
PID 3028 wrote to memory of 2024	3028	AcroRd32.exe	iexplore.exe
PID 3028 wrote to memory of 2024	3028	AcroRd32.exe	iexplore.exe
PID 2024 wrote to memory of 1440	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1440	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1440	2024	iexplore.exe	IEXPLORE.EXE
PID 2024 wrote to memory of 1440	2024	iexplore.exe	IEXPLORE.EXE

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Scanned Copy.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.bps.go.id/s/t6aD7gQHCe96m9a/download/PQn5zsO-s5v71-zdLsa.htm
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1440

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b38d60d8f27e5848c1ab83596000b60f

SHA1
edbd58d1eac08dd42e7b68256e323f9923ed7a33

SHA256
1c2cb3dc11c9353966cb4630780ec4bf59ea4c58ce9d7507182c40ffc61037da

SHA512
f838203714597c9e6377a199ad3be7088e2482dd6da94b709eedaf39274072edb7931116216fd3d9bb14bf217af5e51662f9836ef0b3de7ceb9710b3b51ceb89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1ae34cef82a438a3bbfda9948e345acf

SHA1
ce1fabca5467587d97bc6248b656456fc774b198

SHA256
91691004f90ae8854a7be6a41d9584ce7c198a61c7b6a7468a6358bbd66070ad

SHA512
79bfb4d925d26512dc3f6c1368b6314cb08dcab06b55d1b7069120cb2e92d1a7308c0226305204936f8d6abe3678dc4f05ff4c424c3a8f425a42d8e0de8ad942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d4916d992d2d5dabd94c644057e0350c

SHA1
65da2eb04f025b2ae649a3db75bf746995e442f3

SHA256
b9a0eacb2906a59e4f2d51261b1c8d75a63ea2a4a5456d36a4a93e54bec5a3ed

SHA512
dd93c111f6376cce662c574dcfa4bb53eecea7c0c49a934a6e8ead794de3cf46555619dfda915a252d005a53e8b5c4e323b79e1a00698e14483ef61e48100b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d08324e34fe58619ba9cae8aa3784ac0

SHA1
f4706b075c26f4f52bac682b4be1759f1c56fca5

SHA256
cdc1e1165e0bcdf87b081b2fe4e0645eca2b635dde3492885447fee896778307

SHA512
21e56bcb816cd9f22dc6134999fed5d07034a1b76c6a7bd3164efb9fc9958932585cd88d85a905e849e2611ee41ce4658e49805462a4080dabb4172d74d7978c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d50dc889bc80e24cbe12c44f0e72bd8d

SHA1
debdf6defd5af143974e1872642fbdcac7ad9822

SHA256
8efebef8ab2d7d4d484bf17db775f509222f4f7fc7ba33215c3c3eef0e670be0

SHA512
ada51fc3bb917eb952ed7a0550ecf61fe812a5eff8edf4d7605dd904c6d2b599492eed5a70fd37c1b90d628e62575e8c535f91b1e9a2712803ad1659a4868773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
90a65c4f5f1c85448a3b6c5d2a1274a0

SHA1
1c2da49a6d8dd7e5862a18bd719b46a2b989f4a0

SHA256
3c6960816aa83e43cb61d27c8a9f59432710f52c43eec4d16e3f638869b5b5c2

SHA512
f8c7f3adf135dc0238bcde68b1413357bf188497ffd9c5e982a01a102bbc43c8b8bb5247342834ef0871138d46aa16a7638afedaede9d32df53b990f8d920afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6a6800f99028d22307acdd69730d9d28

SHA1
d16c5b8ea9be3e0e77829c49aee94a360c5b46df

SHA256
e0ec73a5e1cc43cdb0a9184c1a546094370b604f1201eba66a9ad32673dffc8a

SHA512
bb540675e118363d0f004004ea111a4b077b68ef9bb2897d1adc95c1dd1b70aefc09ab7c6e0913c425aba84ae285a90e000d8b3fbfe5812ff3ff9d4966ef0e4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a1a1bdfb77e1a401b1186f047e076ae

SHA1
3af53f7a495b24d211c40c1ad9c813a69591b4a5

SHA256
7ede6e42ac487b7dad8f538ea71f133fb88cb5c98720a99f958b4401e7a1aa42

SHA512
e85d7ef77601a6097de2959893d33d8a2de9798a980dfbf345c47261f8da090564142e8154d26ef9574bfa4a0e79e7c5bd5c53f9dfaec001b06f3efeb3226bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
630f49cfd98afcae7adbee0e68fd69ac

SHA1
d24fee39b9d5c398d843b8e52eee75cb3cc7a76c

SHA256
461126837513601bb951a7b805fcf1bf8d6a00b9afb9d7cae25d2b3574679b8e

SHA512
555885a9b37c3be77f4827b4cecbb9d5cbac3bc0da675a93e8e616da961f45b6ec7e9e77add9116eebd740751ef4301217e50e49a40eb26a76b8d15ba8c39b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
45af1d266e429840cc0eb0944de7f6d3

SHA1
d9d9b8492cc904902d9d8a830d7028124cf3c294

SHA256
dc4a58c7834294afa58e5136f86fbc36393e843f72201f32d42e6ca8ed537bda

SHA512
cdb6540317937d155df9152a27acf107e0b3f393cdfad9612cd54a60306913da75ad103a4ee7356bfa150fbf464034c9563a83812e133a5998d2f6dc9183f861

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ba433289fe12ef074772ad8cb54016bb

SHA1
ccc2359ad71de7aa3fd49c1de4f39f734efe31ea

SHA256
8d96684ebc9abeddcb416326a781e7a0bed033b4f3278c0973b6e37db464e354

SHA512
47657958f57f16f6a0a82e0ee8d8c677cc5790ae19a06a3512a1346b081d79d388c19a289e885d4fc49e26fdd31a8f109640ab15a6daea9ab15367f939a81e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3c3633d4071e10afccc81d5df055340c

SHA1
46087395b40f916541db5ece79a297f9b4b032cd

SHA256
be7a1a2d95750d07c4649b78006a30fa0b48173f138ab79a8ed247deb6c0dd46

SHA512
c25f93fe6a0f0e1623899b764fee500b5bc4ff2e9664df917a3688b8b6821ac2fc232ecb7741a2559bbd24fef6c65c019083523f44b1be48e91701126a97228e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18C0.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A2E.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize
3KB

MD5
c960145544713f7a8861243e60222615

SHA1
64aaf406d62696441377772c8adef3f16eea9d90

SHA256
a021209ecf7f143286ea0444a2e6b7b24b3e1efc98766806943db115fd126948

SHA512
293f8b5654b705b9b606d8dbb572f03bc66cf7b0a0b07d60daeb4d95943d3a0707163db69766492299d029ec05839f3a833a2a5af4a0551cee2a35779d1ddca4

Download Submit