Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-06-2024 05:02

General

  • Target

    AD-Scan Att_234929 for shoal.amiet.pdf

  • Size

    56KB

  • MD5

    8459137e4b834f9cdf497820aa3ff350

  • SHA1

    a2dc5270eca174611e0b0d069f33b3cb86537d5d

  • SHA256

    62d6b01be5b799c0116c88b479d29101e98dc14973f37258609b6ecea85778d0

  • SHA512

    ddd56cdb4febf9e38fae50c49010d9bdcaaca9f12bc65a804f07dca8cdc46c53e6cd3399a7888b5adf4b6a2aec7305d7ac9d54dfbbd1c0990f2b588a8a83c180

  • SSDEEP

    1536:dyTLfEZFirPNU3Sq6nqqX94Owz5AZp13zHYHLDnE:ZFMOwDwz5QfELDE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AD-Scan Att_234929 for shoal.amiet.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" "file:///C|/Users/Admin/AppData/Local/Temp/AD-Scan Att_234929 for shoal.amiet.pdf#"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1824

Network

MITRE ATT&CK Enterprise v15

Downloads