Overview

overview

3

Static

static

3

NPAS_OUTST...1).pdf

windows7-x64

1

NPAS_OUTST...1).pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    361s
  • max time network
    362s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NPAS_OUTSTANDING_AMOUNT_ATTACHED-_E-FILLING_(1)_(1).pdf

  • Size

    79KB

  • MD5

    d02fa2a588369adb170dfc8ce42f6cde

  • SHA1

    9be50d821739784432ba49d6166b65e7349da856

  • SHA256

    6d03a7c784e61fd31f5fa17869dafcc043dc5d03c24011f3e1b287d8218a1720

  • SHA512

    ff709a360d5a3e8bfba56574d8672d7b00439a70b1f856661fe486d79f1a9baac4179214cb0d04c581f01470cb73614a9d6adfe40c04d4ead8f0707d63ab1c5a

  • SSDEEP

    1536:7Cu4MsvSHLRpIzlnouKZYZNPxy56hG9Xyq2coCNdJD2Dr+BEd/0A:7Cu4MUELsz1KZQHhG9Cq2UjJ6Hrd7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NPAS_OUTSTANDING_AMOUNT_ATTACHED-_E-FILLING_(1)_(1).pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://drive-energy-1422.my.salesforce.com/sfc/p/WS000002NCVZ/a/WS0000004ZIX/8tylRpDlvTgDuY1sJ_tiNmU4ilyqkszLWf9f1jbPGig
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7cedcf95b8bff9b30d9f8bc97992348c

    SHA1

    c3a2b0b740ca4aba4432b564eedabac823b28c8f

    SHA256

    06e7807439191addd910828e8190774cded8f899cd961e166f550487a5cdd790

    SHA512

    cbcf852c5312637336165c2b5b2dcab3e4b3ea117c01a9cfa8861c0d52fc6ded041fa40a66e380004ab2fe9bd9ec10ed271f5f8fa6d447d04be0229c9be45890

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a13de28bca7ea4f78dcc78f050598628

    SHA1

    9e207749b83e3aa0fb17e4a338ac35d074e2a272

    SHA256

    632f786a6a36b64a4ba400f48ed83461000f7ab0e42c317d6163c6bdf904773e

    SHA512

    0626881b903072f1a95829647e013626e4264caf46e341b63789fc2839d691b695c9349fa45b0f769de7fd3c8a02987d9f97369596f3d02c2f958ecc20fcbdfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1202ffe0a66216f1d576b1399ea1d76c

    SHA1

    3055d9c7f6890e475f7f73608035debe07c55f25

    SHA256

    25a570d89ce9cf939ab6a1bbd1b3bcd60487373b1d17fa16d6313950e594d3c3

    SHA512

    606b08a71e2f0a12a16aa5a7c74b6fc6b2a4e136442d5bfd2bd7c0b4ab6fbd0346757189d27ce614febed42a47056dc8891f801ac7c382fad12243ddd08eda63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f66319f211b9b10528ca2b6e36c2ee0e

    SHA1

    05ec042f4b46a3d297ef1ea6ddc7333df3dafcaa

    SHA256

    faf3657b901bd715f87267a5e71833ff3774259d5ab9e529cbe9282d5477555b

    SHA512

    7874e69266a1e4fe669baf85a51afbad72502faf2d9b980476b3fa764961a337a3b686761739ab58bc8112f06af58208d14849255cdac82546b6523bbf8f1551

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9565c2886d2f4d1f711556da1cbbb29c

    SHA1

    300eb6ebd739c82989cc8996f527d3ba4fb23ff6

    SHA256

    c5e41a016a568e8f6888fbf1486d9e70318dd17703f265a17cffd1c7f5207b35

    SHA512

    79586d8f360d654287bf4876b4486ed5d3aca11e07b5cb41783f011aaeab418a8261539d67851cf1f36dc9dd9b5c99c174038c73e384e0ddc7d79ea82a2f8442

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba7be05973b5dd2c40c2d8326fabdc1a

    SHA1

    aa118d548cb4a67015f5511ef461db0310b30221

    SHA256

    cd2958433a401c556dad47daa5896d5a392dedb9c484b22614cfd2fc81bfbee9

    SHA512

    6d2a29bbf018b14254722300ae3f4346fb4623c3dee738d919bbb6249758095c723e71dcfeeb1fc7b562b0a985a358257f72e4da409c7b6a1581dc79b8d03eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c31cb393f934f55581e6b97bdab5d57e

    SHA1

    7693af7641c22fd4956e14ac24575097ceff9096

    SHA256

    56314502a53948085676498cd229ebd5cc0f37d2aa29ff2942cf814be745554d

    SHA512

    a23cbba0a28e3e396410e5162903dff0f2f060ace9922cd2b38fc326a95f844a10c2381f471fc5b1d2b94cb605a03a1dc853d8bcfcbf7d20798ac4429dcd85ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c798506c7953c3897e2586bf6d4ee8a1

    SHA1

    1addf743ef67882867ff2922b34eb5517eaf43c8

    SHA256

    4fe8b1ad2843dc57b5577981f9548569449d0856c3b34772377af52d98046dd6

    SHA512

    9c1a08a8573397b4ab77578c3a65343853e30d6c97cc601b2c29a53907b3fc751bbddf30df5bbe59b177ad4a16a170e18dee18ecd87b4bf0b9710d5562fe3eea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7547b2990b91a95572d41c08056f6d08

    SHA1

    8b03c18cefd04c922eb24a024e811e203fd3f53b

    SHA256

    73017470733d988901d610774a30fa64da24b4577708200e7070005233afefd9

    SHA512

    7b4ba63422eb0980bced98885d4d00ce955fe5c203cfc99e50783d70a26bf44e6ff16b3a4595e9059842ca9bf32eb01ad7f151c87a8841dcf5acd5f710789e86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9de65703016580f630307b42465d32b

    SHA1

    6e8361723219b20a28d509f318fb492a37ab7d94

    SHA256

    6ef1222d6058b5160d6b5dc10569e1452153adc0a879e60b39201efed66d16e4

    SHA512

    24366ab970c240361acf18722461f79afeeaead16974f8b07a792d79e88c48e5f90d48735b20ee81f1e9049e8fef4deceea4c6bcd0b71de2e4825b043ccae8b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f70fb63b3ca6946cc364a7517b0633c

    SHA1

    3974b1fbb9ac4525d83db1d821f15cb7da3c4c93

    SHA256

    32cb0bc3ae84979374500736763b41ddf465a314f93fa9b6b33e1b73040a75e5

    SHA512

    2eac2b931141d5195d7eff382209a3db57f716d4742423a651f00de79c797d8012e8a46ce933eb5cf32ac1d7be914c734e61f49178c5ddb7db1a4954d24c1b73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    37a0cc3f7f0609e4ddf78747a6d60763

    SHA1

    b3992ad1e95eeecaa9117d4d2e751e5721063e85

    SHA256

    c430dbc29de95da5b006902775362fcc56c8f7ab7af3dccc9466f7b8aabc45f7

    SHA512

    12025fb5c66729f1a4a6cbc74f2f8c7c8f942d6a74c33ff2103005adab57df38a56cdc0d9a6c0b4af6aa2837a50b5183147c3af8f09f2a16236d40bab8530895

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22777c007993b59ab8db22044e937f94

    SHA1

    06896f7e9baf60bcf14c1a935ec1852b0a55b2b7

    SHA256

    2709c9f7be42989ead5bac92d53e7f886d8175a28b4523954791ec37dd480b4d

    SHA512

    ed987c115597763cb7ebcaaa14bff7ff78e0883af23c98168267c2edd5151bfe2b0150c18bbc5ffed2114c98be42ba4b36dfb9c308efdb6cd2196b2a9c4a8c5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    406eb85d5659897652e4d017f4ddbdb8

    SHA1

    a83978f2f000b210725cb8f0b566f69c00b8c07c

    SHA256

    d2a089c1a6383409300eb9cb3d92908c694b3678e1ef170e22ac4367865271d3

    SHA512

    a300e91777873ae6118a4d5d32cb54e169dee7ca0f1134e5f8d023d7f31d530d11b1190f62257ca9bacbe749dad034aa0fe881cb14ebb898bca91f73182922cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db50eb828a76cd152ae3e87f0e29181a

    SHA1

    46e3d7fb82057237d0b14db88fce92248a1567b9

    SHA256

    07a6130c70f6886c30b1c23e4fea0e2442fb4cbf379614b7533cf77250ca88ff

    SHA512

    726359f005c2dfafb4e1c49c1ce2b93ef3be947afa99490fd475627836b140272ee951c6b2f4dfb3cb8fe59aec915f9e1b0f4e1ba153939c28ac073b2c8e98c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdbca51fc842945753de687b2d98aeb4

    SHA1

    3736f4ba9c99fee2daf82cc9fa7a8ce0641fd35a

    SHA256

    609d3b0fcbac7b13226be49b7a81c0d254ba8e113d8693c40b61370a01d709e4

    SHA512

    f5d0af96cec4c7068b8b1dd2fe6100997aaea62934cbb5976e9d0b24375031a14397dd7843dc632e4cf24c3e2cff423d20231bcbc7e7a82fb217cab4b5acec3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7c66e6bd83a26cdebc78ae1c8214998

    SHA1

    4ae72eb799a1ea5d6b151528e957a0269c59d42b

    SHA256

    2826b3e6e0f9b0569068277825f88d6e9f881d16c7cea11d352573fe3c079094

    SHA512

    4e9418db6232366456496279f36da8ca69aa9f8299cfd3ee111801dd12934fb23d9ce7fe787f006edf2a87985f5c38374dfded5167d6d15ee94f78c3c8042de5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    353ab1b1f7d7ded1167ea71761e8047b

    SHA1

    9edc299ef888cecb533de204dfb413b1dddb1ab7

    SHA256

    f8625fc00779965a134f8f31a5e2e3b8c5be26d2ca26d5f36562eebfa9717fef

    SHA512

    50d7ac5db1c47f24031707f9801819092c09ff50e35c2a1fc0632d4d3871fce2e585039de657bf7efc7574f6caf235b6d1cd60f949ded70f2e49935dda486107

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92mvs6j\imagestore.dat
    Filesize

    5KB

    MD5

    ea6ff7ed9269e1ac53d41f68f22fb848

    SHA1

    2363d0af53adf5daf0671689aff597592b55a174

    SHA256

    85e4ac6d351f0e83fa70e30677a6413be257b933ad66be0888adae156c87f317

    SHA512

    7d497fe2650a4f3dd546c99b8d83a01e5e3349ded82ac54b4415d027d75720a14002850a9866313684012a85d06fc3518efa73f0feb6379ab94fe21b66ead346

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J8SD872Q\contentDistribution[1].css
    Filesize

    10KB

    MD5

    9f7acc1956ce07431c262b4ad9125c63

    SHA1

    7639033a3b7260313eb334ba4ce76411cf79d684

    SHA256

    dbe9852814c46a8da6da12ff49f4887fa70cadde16c878957c0b6ba4aa1045ec

    SHA512

    da85d6057fb9d42754db7fa30c13aa2f88548319ae18fe14db9c4f4979206d87c69656ebf69c06fc5d52e58c48f32bc94f3cefd6754534fdb025816b26f93d1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNCIS1YI\favicon[1].ico
    Filesize

    5KB

    MD5

    ccda8df05e9a37b3131afd4d451b44ec

    SHA1

    ed9d0f9c4224fbd4c768be237b4b59f27f1b718c

    SHA256

    92842fc6c2f66b46f69458c14621fc2eca5d6c02d7937f9124fe8a3a9a55bc91

    SHA512

    a91f53c07b327c35864fe903acfe30afe2de3c26fdce1bdbf65842598b3a7b2fb19e54de27495519bf1e2a2bf7358561da16e931324e5b1112da4fe7efe4bc7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTL9DZJ3\AC_OETags[1].js
    Filesize

    11KB

    MD5

    9494f3d18a638cec3b6a3576a61b7e7f

    SHA1

    999e9bc8b88880619a3d36211c1c0634df7545fc

    SHA256

    38017d2158918ed723102db845d16699dfef7c01a3a40fe10eee7528988e28e5

    SHA512

    bc3572ecabcda26d5946b824d3831a7c4129d3e50050b67203742678b3f98e304476283aa13f067d2e851b22f33e827a98036f56327a2f81262c6de1a82cc984

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC3ED.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC3EF.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    9b437696264d4571c9deb2f4fc4adc7c

    SHA1

    a08b5fbd54a1230417a3b4b739b261f1b7508675

    SHA256

    19a206372b62564f2c39f87975be229357c88a208ab6a517ff5e7196a0715c67

    SHA512

    808e51aad3a78f4c4714ae738a3e496035fa9dd21a22cb9f550f84b16bae2d8e5f124f5556d2452122836ae2fbc085302512e242d3ddf5ddf04b0e86cc941e48

    Download Submit