Overview

overview

9

Static

static

1

WS.PDFelem...ck.bat

windows10-1703-x64

8

WS.PDFelem...in.exe

windows10-1703-x64

4

WS.PDFelem...39.exe

windows10-1703-x64

9

Analysis

  • max time kernel
    155s
  • max time network
    297s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-05-2024 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WS.PDFelement.Pro.8.3.8.1253/WS.PDFelement.OCR.Plugin/OCR Plugin.exe

  • Size

    388.2MB

  • MD5

    5233557e789b77bc870173335069ec13

  • SHA1

    33bb4146dbf7143da45cc242ea6d58c5c816ca9b

  • SHA256

    fd3292348856a9839771420dbec8706d819bd7e949e47199cf7b8f11ca347ad0

  • SHA512

    783d9c4869d2f932d23683c6461d2cb17b719f47dfd18c96fced1997c63e78daeb6352d1e6bf8d05c47f24b2bce96b162a96af319368cd10bb7b9430b08d2544

  • SSDEEP

    6291456:8D28zzfP+Gsthgb3IpsUS4X79sm/XQuP8yIR8ptYJ92kTLJ4F34P3sKuMTXWSHpU:8D2ozXNsrE4ySX7Pt8yRMWPG2hpB

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe
    "C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp" /SL5="$8022C,406307185,377856,C:\Users\Admin\AppData\Local\Temp\WS.PDFelement.Pro.8.3.8.1253\WS.PDFelement.OCR.Plugin\OCR Plugin.exe"
      2⤵
      • Executes dropped EXE
      PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-DF14U.tmp\OCR Plugin.tmp
    Filesize

    1.6MB

    MD5

    7da9e674df69abd9ea37759510b29c99

    SHA1

    0235edc5c1fe57b1a046b33a96b1c3462c158a4c

    SHA256

    c5e268d3108185eea0e379c5f53c6dde71cb3d3ea5a23ab974a4e8c0110c846b

    SHA512

    ddc08187733444a7f047ae616afe76bc6b0c8c05d2829f947ad10d3cef820e9c2c2f1322425517124525717de928fe3b85a6d39da52e12f3aec89f034011405f

    Download Submit

  • memory/2332-1-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2332-2-0x0000000000401000-0x0000000000417000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2332-13-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2332-20-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4824-7-0x0000000000400000-0x00000000005B1000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4824-14-0x0000000000400000-0x00000000005B1000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4824-19-0x0000000000400000-0x00000000005B1000-memory.dmp

    Filesize

    1.7MB

    Download