Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-10-2024 05:59

General

  • Target

    Rechnung0192839182.pdf

  • Size

    88KB

  • MD5

    b42da2c97afc62d51147fb36e96a648e

  • SHA1

    ad631d0c4bef6b941bd61ff2860629e654a6c394

  • SHA256

    bfd58f9f8557a8f8e8ddf4fad14a8588d1a529647c5aa170c0ed1bcf065fc287

  • SHA512

    228db4bb8a54a80a19ac47744acb2bc70125bf73f5974b6cf45644544a1af1864a79a0648676904fd859956892c538e8d65d008cca3a8d9c58d6faa0a760a3fb

  • SSDEEP

    1536:oFdBt4uc0o9uqdh+XICvr/HZ9QDUIWEtZgowq8sAsz+2Vb:cfnokwoIar/Htc+sAsz/b

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Rechnung0192839182.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.co/dZamaKLBX8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2620
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:472077 /prefetch:2
        3⤵
        PID:756

Network

MITRE ATT&CK Enterprise v15

Downloads