Analysis
-
max time kernel
122s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
06-08-2024 17:21
General
-
Target
Ref-Quotation.pdf
-
Size
7KB
-
MD5
3afee0850cb4ac806103dd7029c99dec
-
SHA1
81db120f09c5ee62d785ea7fc76d2065362d8d3c
-
SHA256
c00313aabcfd55989bbd839a80dcdd52fe4f08911bba68a5f9acfcc463cf8602
-
SHA512
a410572f6aec8153fc5a6f5744ea9064d9730d6c6258a4ac5f244840105afb15fc726e0b9d4b0d28084aeb2dfceceff249b25bcd5b15f846fcc08e6a1004a502
-
SSDEEP
96:YEcrIq5gt/vsHuMp18EtTkYVkZmsJSJlkOCKeLDkaITVIcxe4vnWcrV:2Iq5OvsppmEJl2rAZoDkj7nTV
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ref-Quotation.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://dl.discreetshare.com/66b1cfd7a56532fd220356492⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD571d3b2dbba4c56a9154f33994adaff4a
SHA1b701e414f7f68af1355639627670cc640b555d16
SHA256bce3f78cda302cfdb50c231184e544eb58083345f60edc9947b01d3fead92d3a
SHA512d3f1973f6f9a57765e8643ce2e7ae00c628ebb77543100dff833e8109efccf72ac051febb33e8eac52dcd6925253d2305d576a55d98f67dbc00aeaad03e3e9d1
-
Filesize
342B
MD523b836820f293d1d8ab59da3fce15a00
SHA1227aca024bbe4a9b03d36acecf3e73b1b1b7dd65
SHA256f67a593536de20f9ddc7f1669d8a1b9982172f067e084d446b2012552e7dc499
SHA5120a8d226e5cc7e3311dd2eb7737ece8ea44fdf7efa8c90275ff0e50e95e754931ba7ad2616bba408e0eeb9a58eb07c8c6bbffc68df726f6f7539f4ff6606d3884
-
Filesize
342B
MD545bb386dc1834b3bf0a27499b68506da
SHA17dae93b27e51cd4f6f460110a4e5434a07a144da
SHA256e99e804ae53ee7a964e44a549a22f4068c0feba29e33bcec773a58955ac21014
SHA5120e888871fb828a771c49db997be248d3e4ddb62e1c74e9b61b75969a42282488fc633b94947a85f13f3781d9571f677d6fe97c6df62c58ca5f68e5dbda04c6d1
-
Filesize
342B
MD5a98bca98dbcd991c39cff90e7c3f7b5f
SHA1505f286b436309fb7e153e2faf8b48ded3afdf4a
SHA25696f74189f37fd3b1a14d4cc4ac29f15613847b0a88c60b06738be8fcf669dc09
SHA512b84a47597663a8e200df23826d50fd3bf5d35d47a97b384e644716ca590ee32b4590004809f394c795d9c2e5f61ef71a7457760ee442eeb3427ddac487d396a8
-
Filesize
342B
MD540d1e28038c041f29e8cba0f8d7954b9
SHA110b6afd0ef627b18e77b0962f1a2906818bbff7e
SHA25601797e3a06f77409d56e3bebf73a1bc12496eec3b8bbeb72540d84c771b39130
SHA51242c47a73a4a2dd4774ee41db218358021051a81b0f8f4a6b4a7918a99b19a02f3249893ca7a7db74e995bef4242bddcb4c19dc86e1ab77cea4ae33db53a458d8
-
Filesize
342B
MD51e26a606823eb6acc93a05f3b7b7e619
SHA183aa8d74922e4a48c24b37f20479539df9510763
SHA256dd369701e0c9acea028f13e39aaee5861b64ff6bac3069b9be3aec424c1cbf99
SHA51262d6b333ab375a76fcba3a67018300fa587a7b56ce31a4e55235769e95a09fb5598a3cc6b05db48829a538e4467edcae99fbd9ccd5c15063df7e75347bf93c77
-
Filesize
342B
MD51de840f1238de5ffd2964c53f5633939
SHA1178ddfa87b813ea6fe7a2b6b86da4340f43f934d
SHA256301728273845edaa84dcd4bd2ad83d24f3bdc6e0b5709b21e767031a6de897ad
SHA512ede0f4f9d5bb05da311f1ada9c989435311c61d11c644baeb8755af07b248537ffa7e60b29566d44ea86326f589abab2a9b5119ea8f6e2b9b728d5ba57a0d57e
-
Filesize
342B
MD5a5997b51c7b08fe3b57a8aeeb6215cfa
SHA1c14c3a0e8743814fd324351989ff5f217bb80aa8
SHA25676025c7f174554b1e816f96e678f131840da06de2f50419cddb096ef57fcdaf4
SHA512f65c789a545b27a3573b32005ecc9c0d2ed9b477b23f27de97d228592cabcfc4a64283c50057feb84cc6c3b3f136dcba47bbb2be6de80afe525df98efdb44879
-
Filesize
342B
MD5b747f4c6c4637ae72a5be4a8e7b04e5d
SHA1e381289f0fd4627df92d489459dbea1282e572db
SHA256e401a3810b13f2798c4a8e84d8425c0cfd6b36e3d7b9bf8e4cb011211811591a
SHA5125e84b11ee0d4b1247d563026000bc099c690b0f2af85cdece0b3bf8651c85b875774c6c88a720bcc23bba5dfa27d975152e25c26e0346cf3b4dbcd7ae4635e8b
-
Filesize
342B
MD5e1b286a7474f4ab71644b973ac2b9e58
SHA16d21799a95aefb514777fe8f2cc4a4d3e79dce82
SHA2562c92a5025db2448be0504527d5a9641ed12fa00f594a03f6f9865946d8ed5cd5
SHA5120e816e9c9b0e567bab9963d075021588bf4ff6fae45fe2bea5309044c461b89ac99b99cdcd86b9be709e1569fdf4630fc0ba07b8c3db6858ab868f207f745241
-
Filesize
342B
MD5c913c69c4d423fdce656665a32fd3125
SHA1c37d7f51857b1bb34c1cda64e392de755d6ea49a
SHA2561f8a4845329526c4431850ee48b0d2a375673b051b92e95f0357f888fe1a6640
SHA512dae87362789260f888b5f0ef8f0a870e58596bd6852745d4e20a5dd7a5cefbd09c3e7d63720793b6f832e597a98ab4dfe3b33ff4181ff255e03e1291cd29f7d5
-
Filesize
242B
MD59df433656e67db1a623a6bbaf7c61714
SHA19ef1c8dfce7c8cf0e675aaeadbfc34efa6f21592
SHA2561a8330308828dba959bc077df330cd0a0bac2f24e2e691b2ee57d6ff57593abf
SHA512c3398e3789ed42069c4413eeb8f2e10848d74d9a308f719f477e781397527c174d7e74d45669ee227d2cc71119c6b167870d09c99ab05e6039ce02c866018f6f
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
3KB
MD54dbe85a601866de427748b05c896c282
SHA1f4de8eb7556cf875f74e2af625f14bf03585b0c3
SHA2565f74533152411a247e63b01ee02ea64112fe7941f2e133297bd9d1700c6eaa5c
SHA512b90109be7cbed02ee42204707e56d2f83c4241aa32dafbb4287fb0b83a91008a2fe2bb6a32e841b40ae08925af59625960c0fc81cce9788e3d0cce5bb727c32b