Overview

overview

3

Static

static

3

AND-LIVING_INV...76.pdf

windows7_x64

1

AND-LIVING_INV...76.pdf

windows10_x64

1
General
Target

AND-LIVING_INVITATION_2021109476.pdf

Filesize

185KB

Completed

14-10-2021 05:05

Task

behavioral1

Score
1/10
MD5

d4adcc2ff7fda7b6097dcb436960cfba

SHA1

4ed2bb0c04bea06ccd61577e398c1fe61272a2fe

SHA256

280ff42f2664b423a40e20eb03ac4d8d730615b191795ec35d692ea9f31c4807

SHA256

c732f2165b214c3810ce0762dbf57ec845a5e83e69f6f9262d67f89d01ae5e00b930bea48fe300b89bce08cf67582bdf9e5734c68a4a9727444370862c84f2d7

Malware Config
Signatures 2

Filter: none

  • Suspicious behavior: GetForegroundWindowSpam
    AcroRd32.exe

    Reported IOCs

    pidprocess
    1092AcroRd32.exe
  • Suspicious use of SetWindowsHookEx
    AcroRd32.exe

    Reported IOCs

    pidprocess
    1092AcroRd32.exe
    1092AcroRd32.exe
    1092AcroRd32.exe
    1092AcroRd32.exe
Processes 1
  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AND-LIVING_INVITATION_2021109476.pdf"
    Suspicious behavior: GetForegroundWindowSpam
    Suspicious use of SetWindowsHookEx
    PID:1092
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • memory/1092-54-0x0000000074B41000-0x0000000074B43000-memory.dmp

                            Download