Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-05-2024 01:23

General

  • Target

    Volvo_Distribution_notice.pdf

  • Size

    43KB

  • MD5

    3b42048dec68b9b0ee00d421b7a4ef3d

  • SHA1

    989d72b7388bcbda729e9235e7f004815afe3a73

  • SHA256

    e9b0a63bba1373fda64862b5fb883d05a077075b497e4ef1db08300d5430f5ad

  • SHA512

    4c926ec919b292088770f3a1e2160f486e1d13ca01c7c26fe98f324298ee293042c7469ad60167598f281c219cef69bcf6df28cb1d9438704ad5d8a9eb2f9199

  • SSDEEP

    768:jEPqKWFOnz7YFUJexce32AzsdUqvgVS0F1fttymTnVwRhYSAcRNtDObpskS/nLdj:uqJFk7lJ22OqolymhOh8c1Dk8/LcGRdj

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://down2earthincs.us17.list-manage.com/track/click?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2332

Network

MITRE ATT&CK Enterprise v15


Downloads
