Resubmissions

23-07-2024 15:51

240723-tav2jaxgkn 5

23-07-2024 15:46

240723-s71slsxfkk 3

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240708-es
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-es, locale:es-es, os:windows7-x64, system, windows
  • submitted
    23-07-2024 15:46

General

  • Target

    CFEMAIL.CUENTA.rcKTC2AzYK.pdf

  • Size

    44KB

  • MD5

    5927b4029ba2abb51e776c62c235ace0

  • SHA1

    1cf1c62144bbd8d4ea5f4c21306bd380328f0ee5

  • SHA256

    17b460d0a8f459aa9a06d57f2ef27b8fc92bb05b4374bd329efcc720f22d88e5

  • SHA512

    4ccc5f71362fa99414fca416145cd88c8794f91977d4375e1ce323782d16e324ea08148539b0d149008fa74ffacf4cb133ba23478fcef5b7f9830f2e04eedef4

  • SSDEEP

    768:KPDkOyLcqI4m40ZWyAVTX3Bo9u++qPhtxyQnIkQ+XoyMGZC3ZEODFzp:WiLVV7QvbPhtxyQIkQQoaZCKODFd

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CFEMAIL.CUENTA.rcKTC2AzYK.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2884
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70a9758,0x7fef70a9768,0x7fef70a9778
      2⤵
      PID:332
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:2
      2⤵
      PID:2192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:8
      2⤵
      PID:1196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1516 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:8
      2⤵
      PID:2616
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:1412
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:1556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3228 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:2
      2⤵
      PID:976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:1420
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:8
      2⤵
      PID:928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3868 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:1688
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2444 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:2660
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3960 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:3000
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3696 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:1976
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2128 --field-trial-handle=1304,i,192787249060022828,3326123177641695162,131072 /prefetch:1
      2⤵
      PID:2668
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:2300

Network

MITRE ATT&CK Enterprise v15

Downloads
