Overview

overview

4

Static

static

4

ffe16f397f...89.pdf

windows7-x64

3

ffe16f397f...89.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 11:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ffe16f397f9e6aed747a1fef03095d1d1a893d8f546a0c52fd55c580de72ee89.pdf

  • Size

    95KB

  • MD5

    c026badd6cce50061e0a46537348e2d1

  • SHA1

    122190874cee714bf513543307a1faafce7b916d

  • SHA256

    ffe16f397f9e6aed747a1fef03095d1d1a893d8f546a0c52fd55c580de72ee89

  • SHA512

    8d070abf946ef0dcb01ab573fbbd96c9c6e6e1ef9f96f96081d21067034124333317aa5459e19a7374698d4bcdc25e65db0f03984e41240d089a15fcf49e62a0

  • SSDEEP

    1536:gMDjPPPPPPW+CrxSpYku9iFO2ASHtbcAdI9uC5ZKtejllPa+2szpoG+JXd2aB:TjPPPPPPWfNStpAS5cAou2jniyk7

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ffe16f397f9e6aed747a1fef03095d1d1a893d8f546a0c52fd55c580de72ee89.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.diamat.fr/wp-admin/imgz/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    cf61818a456cd23a64995ecc5e6befd5

    SHA1

    d65ae1a0f5dcccdda66d46fb736c70d6e8cf59fb

    SHA256

    d239a3044f2b480fe6876644427cea6ef17f04bef59b2f5418a425fcdf0c76f8

    SHA512

    6845b5d17b6f8554c0cbebc6fdb8b285909c5a5ab07ade76512a33a8360bd9661778c53ba5b33fa5733927327692a819534859083e6df5f07d9c01bf787a132c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7736ca1809ac8e600b05b2ee3bf85e27

    SHA1

    58261756976bdf7150c6f0180a9b74cc5202a68b

    SHA256

    880bb41e94597e3a55ac670476892580349d63434d894bde67984b9dc6e3d9ad

    SHA512

    2dd640584bfccda678961b823f8086504e929f07258a5ea342460d045f6c69e60330c7d17310e23238b91998bbb47997a146425a202b5248bcf5f8c9dbdb129c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3d8ff09312c21e211594c66e7adbddd

    SHA1

    557468317c038faa027ad51999d3c9dde555ad1c

    SHA256

    403f1fb76eede9fec1201a826e543152b03e446727a7570db8412462046d819a

    SHA512

    655643e494491d300bf83a8e2f50441f03bb6a67fb37561e68538c6aadbd78311b58f41c5f9869bc7101cdad3d4c969a3bf83b732b142d47d4af5ce502dcc78c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4ea33e3115308693b136258af793253

    SHA1

    002d75e2bfa4c1b8dbd622e7388b600412cec33d

    SHA256

    ce5238f7dc802b31f5837382b070c88d4bbee0689b5c8f6f4e1a149f9941e3c3

    SHA512

    7041a6fb33b47816598a923c1914ba6b59693a73978e2e53e14ea0029103dda4e5c4fbb91eb2e2b4d3d71528c890a6a1bb696b1937197309c154fdf7cc8fbb77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cb057aad55b2c0e0f4496d13e357816

    SHA1

    f059f81a33b7c0651ccb3a35011f417025b3e76d

    SHA256

    b3cfff48ced388d53204b48c8e26f7a56bb56d0a2591f83b2b7df090c274e267

    SHA512

    7781002bbb49b73f12407e5a9c21558e9ea267a6b302cd0bdd61655c6a94aecbc10770d4bd474c330378d6b748892cc74d7037d5ecf410fccc4d1896b5fe94c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88bfffa330130f94b5efa17c7cc675b2

    SHA1

    967f802b91b0ff85397af440a10be1e468a18dc0

    SHA256

    c1f52bdc1870ab13765ba31614144e1c72a1a234b3192910fbe9ce7c218c03fd

    SHA512

    698310db2bd6e8a8b496dcc4de50d0f4e13287e15a494afc41434ae9648718a5fc2091acc0f82bf57a661839e31862a3875ac5faf5161a94cbe805c78d5c4b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73dd95ea6cf1f9eb7cdc6b26738e07af

    SHA1

    7f9bb0e4f2a6a532f09630af3a87e83ec58800ce

    SHA256

    bc2d23442bde973587d0f7b9aff888cf59ed9b5e72e784a33c716128fc3a6ccc

    SHA512

    198c5388566e5d7e50c5cb0ae2d16cee32070d634becb5790dbaa04ffe326c9f59bad502bb96a513fe5a67f53c5b524963bf27f6d8b5e11ab28208efcf657bc4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d0e956539e8accd9964cced3f31a314

    SHA1

    a861b3064bd95fff0b2365f2f938ed465a471ca3

    SHA256

    11831cfa68e71bd436076aaef4a45005590e683a4c16ed9448a6ade4d2148173

    SHA512

    850d6f29a82727b23a976b5924aa206949a10d87a72ce0301b3997ce4b9da4cb6345e4456f3510efb76128d75a34b945e89add5293c7b3b375d46b7cba170b71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3cf5097ef4e4fbd7f11ee6b409d1ffb

    SHA1

    b93e61b8e3644fb7f22684a01412daf1538e294f

    SHA256

    8dfebd535048a79e9a4ced4047b42c3957816550407277583e6fcffae33d4bbc

    SHA512

    04028ef14992c3278574372e320ea0aa9255ccbb64cacf2fe842a1e41550883d0803dba6273a2bdb89d041ec7193b8767d71653a1890b509cd085751bea9c5bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20b49619195632da0501a5ae04739b0f

    SHA1

    829da8f082416059929222fc48263557ae0dfef9

    SHA256

    911aa18c6fd86e3e37f824343a64a6b27907e8d041a5cd89b04c0cd89d85c63f

    SHA512

    8c7ab9259e7fa93a747f3068df98548107f6ddbd871e418e0696fa7fd59ffe7f84305897526fa0481289ed84be1716a59480bd47621501ae0496596e98e6b533

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3139f0ffa92d13deb659e5a779dac48

    SHA1

    26705afde0b4212272ac35d24c6a8d5c22dc5e23

    SHA256

    ffdd33d820db6cb63552ae5e92b1bcc10e023ceb29bc0818bd7353ce2543bc9f

    SHA512

    53404cd3543e7e33f3f27cc4b5e4ab83eaee74bc571934dfe6113b4477d901e34bdfd3fda34078fdf530945545e975927cbbdc5f9e1fb19a1cb41d83c77124ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22ba30e4801a3435ebac22d1d9d185b1

    SHA1

    917731b7ec1271d2f5204e21717807490d6a2f13

    SHA256

    362808019ffc45fd99722dde3d040f6cc4bcb34eee17b36e676d0896d5171a72

    SHA512

    1ea7d56853399b3fe140a6854952013ace9c94db7ed5ce4e54034ca7d57848467dbf429fbb354045a5d2cd786b4b8afd53fce1012b3bc7453904c544fbeec964

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c51dc0c4b8ee9695364084d23e09b048

    SHA1

    e454e67ce35563bf9e22a5fb32b4630695fb0085

    SHA256

    ec7c3c7ce7f58006d92dd2194540b2d8605826f75097719ef2559fe331ab7226

    SHA512

    3a9862707d82c45a614518d2f2cefa141687f8e567483f06fb0dbf92d2a493dc0857dfa609dc538583923faa138a135ad8d0d055bc1b5c5eccb99850e838b8a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    aa05487b07d3e0154f0c648853a12ced

    SHA1

    5a0557380157f81e03c7635fdfb617a42fde8d99

    SHA256

    894a0d92c98497f02133908734a09db1b2002a1957386f21205aac663f12756c

    SHA512

    99e5ce6a9cd62cbab64657a43198ee2b24a543060597e25605559aa9db91a65cfa96e575ee4916b1f18ca262d350bc037cec9dd9d9785eee5d37a26d893b1863

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab44CE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar44E1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5fb719fb905128e6cc4ec5e1f3592f5c

    SHA1

    e951cb977d478f12c9f3c8303d0fb29ee229a6f0

    SHA256

    6ff14f75beb86bc35b29d6156f8c00bef52c4d351d66e89a8971f52005abc36c

    SHA512

    d8d49c54ba157d56d6ab27e2ac63b5427ac996e606b1270ee468bfa2076fa90992c4824937dd994405a5bd7578a6f8fb0fc44999e2879a1b47aa03ace885dcb1

    Download Submit