Resubmissions

03-05-2024 20:17

240503-y26pkahc82 3

03-05-2024 20:14

240503-y1dbmaec91 5

Analysis

  • max time kernel
    127s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240221-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    03-05-2024 20:14

General

  • Target

    Volvo_Distribution_notice.pdf

  • Size

    43KB

  • MD5

    3b42048dec68b9b0ee00d421b7a4ef3d

  • SHA1

    989d72b7388bcbda729e9235e7f004815afe3a73

  • SHA256

    e9b0a63bba1373fda64862b5fb883d05a077075b497e4ef1db08300d5430f5ad

  • SHA512

    4c926ec919b292088770f3a1e2160f486e1d13ca01c7c26fe98f324298ee293042c7469ad60167598f281c219cef69bcf6df28cb1d9438704ad5d8a9eb2f9199

  • SSDEEP

    768:jEPqKWFOnz7YFUJexce32AzsdUqvgVS0F1fttymTnVwRhYSAcRNtDObpskS/nLdj:uqJFk7lJ22OqolymhOh8c1Dk8/LcGRdj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://down2earthincs.us17.list-manage.com/track/click?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2580

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    ca925895448a77c2602ea280e7e0d801

    SHA1

    06fad8f0f24f3bd40e2b87037a5a1091d35bd88e

    SHA256

    06678894ad8f590e13c2df52a616531dba504a09316e53166655bca27b8464d1

    SHA512

    8ada811f4a06285fe8595b332a580d7c5c99f799ea7493a8f274b4db45dbf9c01e23dce0982c618fe36567784f0892d8bb6ef97e5900d2b4ed274ca2be2a341f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c10000a72f2995d04056fa67831d61bc

    SHA1

    62c37a9425a0d996891e9475f9579f15256b33ce

    SHA256

    1527257a76c413e83f1886f9ddc2178e0501837346155d9ce7f0608547b4afa2

    SHA512

    a62012989c86eebe7a00840303a4281d856efdbb43e90dc55183dcc64b172d5e00bcc1e1e05ccbfb630411db3b54690fa0a0af2af8c032ddc5a8ec67488fa755

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    702024026500ef9eb9bca9714e9be454

    SHA1

    eceae4c0a95946d4c30f493e81942a22fc3c533e

    SHA256

    248bf8271ec6de59f9b308ccbf4b0844e97b70c39c279354d773836833ebefd3

    SHA512

    8963e1ac04ba175ff2ff69f4d9cb0415aa656865f8d7dc53c052144436acc532315530afd533689874af29c6105b634621c3611ddd6bcdaba199784f8544048b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8c75fa821b6d678646453ac13f5096ea

    SHA1

    ea9440c2aff8021a79e906d87e5886bf1be2e0ea

    SHA256

    20d36ad2615b77f3975de18951413e1299c7e23d94dfdc26a021852459e0ad64

    SHA512

    2964c04c1b93c516fe1ac06be8d2aec15508535c3af62ebd38076735deeb898ec0f829bdf52c0af7189ce395cbaccb70098bfd662b46bad4e13fb01333a789e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a56f798a3ba0aa754be97db507cebe61

    SHA1

    8d1fd2ebc6586a6f38fbb3c59439bdf132affa72

    SHA256

    0d9cba696535fc166b7581b9cd59ce9950b36004c86ed9e88cf28ce05df3ed4a

    SHA512

    5ba1089f2c31525234431fbcc232159482127e846fdb27140a0c06388982f98d103682266eec76144a82543deee9065e01548e1099358184f521ffb6236ac31d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f05197104c7f6df05c27b6bd48b0d477

    SHA1

    f8ec5d06113e894e05fac25f466656a25574d15a

    SHA256

    716de8bce02033734b331a4e898985a5e70bbc79aea007b878ca714ff3fd1be9

    SHA512

    5e3165bdf6dc261d52851bf9ecb565b54d2844ea25b6d1b6377b26bdfcdab45ca7440047c7843d63ab7716c45be40c8f5dc231325a37b8b9eb986f20a1b5ad50

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dbab7ad54a178745e9a926213fae046c

    SHA1

    23f95dfe10fea20dce5d98f579947bc5a6c83d77

    SHA256

    ba7bbfcec75033cd34529fa4a2ad423c85b9a109bc97f79813d66dfd611b5b02

    SHA512

    6ff1ea4021dee394ef7405a7bf47c051ceccd2ceee06d358dcb96ebecfbd1fba77afd5e536efcc61858511ec3b586949043751ae8aa16081a45b606f47346028

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b9c516fbd84f9ec55dc8822f22bed4d3

    SHA1

    164423b7d2e8680ecb9d909800ac8329dbf9c3ee

    SHA256

    3b6743aaa3fbb70b1d18a2bfdeeabbf159bfa7fbe23a9ab83186c7b7e9c2371b

    SHA512

    ad68c7b91e7f6db2313e4c3478720e78ee1edd31069ed612ef8cdd096129984ae954c4736d9afc6275b577923a3e6c8b530a857ff065478e7bd856ad8b710bdd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3713fbd2a77d298a029722bc354a13b9

    SHA1

    67bb850ebe25e971913cf12476aaee49fe4f47db

    SHA256

    f8685eee5d41f0c6c09cc71c5b98b8f5aa0c973fde2faccddaae3cdbaa33d5a2

    SHA512

    f22f97394a768cd956a6f6caef38305c0fec11bc531cccd463b0c4594b13fd308b7597aa34b9e7ccda1747afe2a8e6f19f5eb29948e22a921ab65d7bef5c72e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a488da1b2ef6a95aa56b5c0965befc78

    SHA1

    d788c8840b2d7e95ed4c03fcdc13bdf19d08c8a8

    SHA256

    9a1d7e2c227862141e1504f8c03f9fea6d6bd239f5d382961af2fdf95cab17d0

    SHA512

    6751fbeac574e051537abf3b13d4f6f0f8943eaddf84c1f0e424773bce0f800be0165285f6c8f484e778e09caf205308f7f1edd84a6dd04320dbc4ec82b9811e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c18eb866a6fecf0ee7c8784e45199180

    SHA1

    f93a43033e947bd6598cde666365d69caaceead6

    SHA256

    c0048febb36fac1fbf4f293d96075c78f9a6bfc1470ca74a98ad1467cfa81064

    SHA512

    ebc1e69bfcfaf0ec9f8d35b4187ce2522dcdf4299951ddeee726c57548aab32ce7756e882035b333c8b1ec5e2a249e139b89eb6261da934758c7d2bf5352dc24

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    048226e7b6c2a5d5dc1ba9511b5c1f00

    SHA1

    18c83c72b3de991a0d4dda6fc53317fea04f76e2

    SHA256

    c8ba016e0264bc356223554dba67ce5e761989c6c4693ff19638a11b274e58b4

    SHA512

    079a82136062a665af92f0396b31bb7c7f9bd4156dc90d3191bcaf19bd496ae838cb792db8c0764003daac11a8a9a69a3db0782c10f45d3082417015d08faeb3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ba4f7529cca3036c4c13c0553eab40cb

    SHA1

    55e305c4b3b419073312df899695f2c15236d904

    SHA256

    8b4c9d6282e580557146866a4998687fa47af94b5f389171542989e487871e6e

    SHA512

    975fdca1a2762db2c5ad5aed0f8e4ddcf5f7d3a69a129870403fa461ab885db729a4762cf3d43fc49d90abc009a76bd3bc4909966365ea9296fa7cfd58d70e32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1f8e72e5274f527adb1b2118aa7f9144

    SHA1

    705c6dfb6507d2137e0bf8e6076b86880823c797

    SHA256

    8a526483f315b482143f748afcc44bf2e1e8b9f0172fd5445c9cfc5fcfecf4ee

    SHA512

    cde9922c0b8b40ee1015e5477a81cd15332021fa2d10205b7426db26d515d669236ee1714382a74c354472dafed5fc2232eac3ad06f3ab25f92ff1e3d8a1e0d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ddfa20804c20d846f74452f9302bc8d9

    SHA1

    b72ab539e0da0988175ff59333bfe14cd9d28d75

    SHA256

    5798b55a527ac8e6a50a40ec9e40896dba26c34a1391f34fd1aa113e75e9f634

    SHA512

    94d09fe3f83366aa3a2a4e1fe45fc8609ef4496b62b63fc74c81db699811410882de40fc02e15c9a352608adce998254fdf968ed6179aa116374f8ebb9e6f290

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3147a167373b7ae226cbf16e2097eb98

    SHA1

    8932e7b01cb079662878f14440b20f0ef59f79c9

    SHA256

    c8fdc1e28dfca5408d3df656d0dd71eda3772c1cba1dee72e97fdda61fbb1bc4

    SHA512

    bab2b20f6a18e2e99805b10b7c2970cc379808c0ae1a8d6cbb494dbbbdc9f7b633da758b2cd5e42c69ab1cb6f9d13bc15588dc4fb3c7b59cb42da3e17a6768b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c944ec4aa5e2cf0ee915be97da25bf9c

    SHA1

    932786cacc8a2f3224524ee9ee89e771b9c8097b

    SHA256

    2ce1fb57ed114f9ae97d6f839d74ab2470829ddc90562530477f410b8596666b

    SHA512

    1a0896db469ef93954fe91e7953333d8a303404c031dd8c1132d61b25392cfa9b034048310b8a4d30563ab044f375a32906815763182afeb5880c356a92321db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2207b02154490b5ee5364005daa96bf9

    SHA1

    a8357dd471eb4b0f63ab39428b03194820a5a92f

    SHA256

    e72d2f9b2d4527a80c9e812915e8ae11546c5e663f1e7bd3deb4d5a60072ebe4

    SHA512

    af9a0e0845e64bb6ac7a2b584c57b2cbd2a3708a0e06bea19d7718b99cd1dbece3d10c89c657439d61f9c36888d9e587e9db6cad32db8dd414eb3b2a2291f059

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a682a0d5cbe76e98abbeb1681601a419

    SHA1

    6608b6f358b05c0a3906c528a08be8d3bf0d1982

    SHA256

    79ba0e29e81424f7e649f7063dc6a4d4808a4c1567cb37454ef37509ba9443e5

    SHA512

    f295f01c963af1295ede46f3007cacecdb6e7264a1eb57ae2da1af3eb39fd2175ddf7ede0c25fa1799685a7a37cdd803e665a0fffca782c27e117025ce6e7c8d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2e366cdf754fe4d929ab8f64a99bec95

    SHA1

    4cdc450c526ba85050b7114067bf262a25a13b92

    SHA256

    6d2a295c70876430c3e269c7e9a7e49f02c14817830de4cf1fff9d8b06a770f2

    SHA512

    554647fef8f35fa00ed02b03af322ab39ea6b1940e7be04972133cffe2b3c4b2b88d1d82af6ce63ba71ccb645722590ec67668ac1ba96bf5947fb7382b70c454

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    acbd53b71d87d47cd1da15e34fa780fa

    SHA1

    ed7d0b89778a1d402b6ab86d0995c6ce32a0e2eb

    SHA256

    a7b535b58dd859cdc537f88226cdd71035c0b8e3ca7b2b34bc3b548871cdf5fc

    SHA512

    fb607e8b69ed77059513f7a48f4f0a5a759530b81606557b2e725355b249c662fe4a45d1fd73fedda7850f67115e2d67c71760597570d7c777f079f87d3ccef4

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\api[1].js

    Filesize

    41KB

    MD5

    65b0a652c40c95d12c4ddb3b4567c1ea

    SHA1

    c654efa19d01d6553ed4e0f500d350011e023ad1

    SHA256

    c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7

    SHA512

    5a5c65910f8bea193c2b57f776d46c94ed6bd784b58f6718ef8bd97853c321c1922e90429a353f057aaf1023d1381f6ed36e3fa26ec361865e2decfb6a59064d

  • C:\Users\Admin\AppData\Local\Temp\Cab7746.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar7747.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar7BA1.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    79cf44b78e2bdeb87fa43299fac7f2eb

    SHA1

    6c8e4dd0973c0dd23e775cea5c3f75bea17def56

    SHA256

    55aa2d6eea7ab46c7afd729ad0b79cced6d843f737299e2e622d7bab6b839498

    SHA512

    56b45c83e099e0de6da71b22073a2cf055dbb4f7b73779a4874fe9c36aeab3ba8a062cde0550f4a2a8184ad5fcfeaa74d0f90f14d3edd31f19d9838abc556140