Overview

overview

3

Static

static

3

BLU-3_1036...19.pdf

windows7-x64

3

BLU-3_1036...19.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BLU-3_1036_WCIN_19.pdf

  • Size

    1.1MB

  • MD5

    b868ad9ad5ec1956e1543b894188d47e

  • SHA1

    c73c9ef9dd2f38d648cb8b690421c7c00073e57f

  • SHA256

    a6c46eab8edb5e78227c71b29ee5e25cd98dd44bbb5bd443ba5ba0f6e6af648b

  • SHA512

    1b62b64a3ba8f65d4eb2eacfe865174b51df75f33c471edbd10cec6853764db2b53868d65bea6628cb0e95a8668e4858fbb507465f6961f75e593f333479c036

  • SSDEEP

    24576:oV8BvfDgfkGBuk8ZiHaCz7H7DgZMnj54wIkcAWvDXuUrs79o2Gx:k8BnccGkpZUz77n5JIoWrXu3y2Q

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BLU-3_1036_WCIN_19.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://login.fairacregroup.co.uk/frHAwnEd?user_id=K372tuNPuqpEPyuVwvHxQFrLoPpzOabM07YdEljaPzUw25RdNgQYe9BkU5xIJ25ognRjLoef4WO6E5JcRweyWUrQKHuTHrzdh_LS6PiVtQ
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    240406122e16b44d95703871549dd2ec

    SHA1

    ebd8fc983d208230a087843399638d8e6d21f873

    SHA256

    0bc7d0205e29bae83f6946578420df86e32a634488ba404081a3bc808bb0e845

    SHA512

    34feee91a97915c3b0b7ccd9fd63b6fcf67cd920a4022ffa8a52f53dd010846b89e6cec77d90c2d14e1eeabe53f81c6f2252532bb032150916d994dd3bcf48b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fa32739459adf4dafc60b9ac2647646

    SHA1

    3b918cbaaf1833d730f3dbabfb17c151d481475d

    SHA256

    9f16c64889adcde8eabba2c0860b08750a9b5e9191b5e98c9e44f1c7420c32bf

    SHA512

    55fa6736141e7dd72736394748db2b0baa654d17ea0d7cb347bdee951495ddce1391282ec343fe85bffad2f26e91b2e640a9b0081a659d9723c40ccbb5f4d491

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95b0fa0b492036a2de06c212886207bf

    SHA1

    249fe3cf373a39e970d4b1636e532242c4d9d2bb

    SHA256

    687b74a3d698223ffb048e005d5227eb6709e688b2e552e197a29adb23cb7435

    SHA512

    b394a554c92747b456789191daed46973dc51c43442af7e94947400a35ec026d2d28f04044aac75c29f648e4768b954ff008b5be71ce71d4e70f61376ffc258d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54043a0341dbecff1fdf0c671daaab27

    SHA1

    e6cd7731c2d2b38aaa4c31c2c0624d9f146dc789

    SHA256

    7cf6874ad941327aee7a00def8cd73e40fdf9dd965a2cfff44ae1c7d036e020a

    SHA512

    9593acd810a595a886cd4c43d580e6443943a440b607826aeadb8263c3e1ba36625d80d33d5b902b5fb45af20fdc2107378bbad5766b74b595c78312b33cbc1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79253819892c4855c1371bd3ff3a3747

    SHA1

    87618f17e4fa3dda05bba3a3b87f29d1ac56df5e

    SHA256

    cc7df5651c6ff4ea0838c5d7a5d0713f63642ec8dc8feb0e6cd6644401464842

    SHA512

    c55962fbcea0b57c80d8b2ee68f9cd93cb0b7442e945a6f376dab4c8b081e9370052dd071882e9609653826726ae696e3b96a6ddea0fd95f4222c78e2fccb600

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00b9dd4e4d2e5d6a3113ebafab0954a6

    SHA1

    fd74b0191eb72f607917f12711a787af116a499f

    SHA256

    c603e4e2c823d995a644d7288046901df513ab941ce7d6c8e118bd599c9304a0

    SHA512

    98353c9a051da965db3e9d55784cefe5869549c3a7fdb67e4e4da85fd897eb0c67baaf06ac84a643e784ecf027bb894a3e3f3c988759bfaa490e808e0652b534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2e2a18a50221ac4c36fdb1a258b4d7b

    SHA1

    7212a8bfc7783725c54f31232250e3359059b59b

    SHA256

    9b0f681a3361aacca6a7666d45e8e6d717d1b38248dddb82b42728d7bca9606a

    SHA512

    f37186051c5be9fd75a3a4997681bc81c4749b079fd38dae9a63c07785310f9037e430e2237584c46f427c7f29f507a0cfb0047e80b297d002235af32727f916

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0743b210745ffec5f6656d63f8724587

    SHA1

    456035d83ffc8a355cbf8c76cb8e1031068a9017

    SHA256

    be18417ed01ed451fb2547ab39cd659fb7b57ea916c29c5ee653b07943c9aad2

    SHA512

    fe5a30dbf3029a9f17af140fc1004482aeff519448bc730746de5c51c4d2f82c8a98be3b3e3613009928cb8a71296d3c07240f1233b4540dda7e6a56d79e7609

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8d3428b342d61a65b3b3e4cc2f92fe7

    SHA1

    0203699fda1f1edfc0d42f605911c4af26df7e80

    SHA256

    fc68cfdbcb9c238ae93e3d5004e41acafdd33f9f2c5c94d2a7e91a9d080a9f7c

    SHA512

    956086ccf952b4fa145a99e3fd62c2cd9645cb1a4072941c5caa56db3443f0fe49f42dc66ea0316128a131b199a952ea8d59958ab7d1fceefb13e5ed415c5bf5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2608b55e0abe7eda674ad0f09c790b6

    SHA1

    cbf1a972be845492424792745f62462cccd9c18e

    SHA256

    d4e133982c9c8765e23bf320d3117ae73fb7644b669702514bfb30db63b4bde7

    SHA512

    b12a0f8de838fce4d5613f58987ad285e344c08ce89dc286579950b6083f3b05332eb5932483f02914f0de00839613bb516fbac856da9b8054fc54931628cf2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    395a224ab81aed02a0421c6033896ce0

    SHA1

    b4e0e0d60a9ea1c332cd7731ac08b8f4c9dca93c

    SHA256

    08dfe9774980d44e78cbd6d9824c454c36bdc9817ece7c5cad3b884a9b16ba56

    SHA512

    fdcd4cc71dbef0d4a33a2af682743e14339adf26e176a630d4c897f22cd5a0a1e86d5ae6cbf3affda6a2417ad948efa463bb09351880ce4e5cf98979d75ded1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d153ab8b912a448f405482bb2cefa2f

    SHA1

    cdaa0210339887350cb63d5fb2a74d4fd602cb75

    SHA256

    5c040c935c0f75b5bac5c371227aa3e05cafdf1f7edf63c34ba664122bc2825b

    SHA512

    4f5f35b1a45ba6adedb207302f26e4d6f0fee018a17ca75e95ca215d3b1337181ac41202c8d7562e82c8d355e91337dbd315e3e1b7d3ce3e9ac542eb946fe78f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39e625b00481239b8827f15e3181efb8

    SHA1

    f5448ef19024577323dcbd10b5add4705084fe11

    SHA256

    8330ce04f8b12b38d1c1df3cf0fed6a1be507d2ecdaf555c2dbcb54dd9f7dd85

    SHA512

    0c55256e2eac4046fc7e5e8da054bdd8a1d4f54a05fb0c319873a8d68f06895c9348daf17790e7d3ca4fc3fff5bf81effca3c580438375bc0e6504b4b67087a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f69918027a9d7a23fb73cdc7bfce3704

    SHA1

    a89dd93fcdde9128a98d82d0be3b941f268f32b6

    SHA256

    e80941828842efff27a9e9fc214e081cbf1eccc2499f4d52296c644d4b62fd6e

    SHA512

    964c89ea594c1fd384069bb310d89f87d10cf451961fd19c58f3152f42525923b0a240529059164af85f242070f7a50d7fc8c7f79b0651f41184ff666d991cb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f457302bcc46cb24689690c2337769df

    SHA1

    03b1179c3efb7748d6884e355db6a557bf43de75

    SHA256

    be664cf2ceb3c7630d1521fa767a6e940ba2e08fa30158fd107a88e361602ada

    SHA512

    86d40c6e3190619b45d9060cebd2648a1a9a2053f29bf1bd4cbb123b5952f9411d0d64930be25b1a41f6c2dca1d86615f1db17c8155126135d0c57d17402496e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c946bd7a7bd3c5694343bd1fee6c5dd6

    SHA1

    1fdf98fb6b1995c909a0df2e01d8710b3ed2e829

    SHA256

    75e7a358c57030c1a6124bb7577991b8b8932d364ab5c1744f83470ce6469f69

    SHA512

    dfdf82183a353b6448b5773153b4e6fbe959475938d339b275aa02b54314c34884932d6c4c434cd462b5b78f94378f3872f5a2dda901bcf1a2711208cd4b3f9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7ec55c62972e92eed68ebee49e4a069

    SHA1

    7f983bcdff6bab24fdd17095a9d594b34fe57743

    SHA256

    29197a8b4d067e1d1b1c6bfd628721aba618e26d52ce7ee4e65ffabc260575be

    SHA512

    7a8424c8eb4d034b36b74f3cd2f51056034c08e73f4491d2625246bf0ed09db43886d3e039907a4e6191cafbb45ed95036f818318e540a78adfd431d4de19002

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3481d3d6be120c03df4da490c5ef22b

    SHA1

    bc443d740c73a2e5b0f9b292bb26c5d075276790

    SHA256

    3a03d46373f3d97da7295f3b743710f6103b20c55b618e6f685b4cce8647b8b1

    SHA512

    dc0a491adae4818926555b6d84541fa3b3e7de623ae5dad90dd870ec2aebaa8723824d09f511f83b2c4f250dca95a267ff92df67049a18313fcf03bdea0926ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a704d80a74d2763dc4c7956fcacdb398

    SHA1

    247a7af983169c81855fcaea951c3628d9bc0ed0

    SHA256

    75bfa19221faac6ddf7d9412a3720d1376280dde718fa5bd4fb971e3d7c71178

    SHA512

    d0ef97c86b9abb071cc613f6564738b0308fc273d53b8164b9df14df7f3190c94a2608a3c24e6ca5401cdcd9dd1192d2eaca8ec0f06e40ed64901f43bfc60ad7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E91.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9F71.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    d242ec8630630ce26468b9a47d4439c4

    SHA1

    a5887b39a031b5be8b68492e03e82af9e83abcaf

    SHA256

    924e5a073afbcd27b5919a2d0c99e51ea6278a196c76edd6a332504689b63a34

    SHA512

    a246400c280a2944f68dbdc876327bb0b1156176673cd8a735c606dd578ccaefbc330d3f86f52d5bbfc0e3706e81ec7ddab09060f28435f7f91ff29197f803f9

    Download Submit