f5a72a1e212551a3376280e495fa12311973a9a060b32699c94b79e2b97c8c4d | Triage

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-en-20211014
submitted
18-10-2021 21:17

Sharing

Report Analysis Logs

General

Target

4160551*29@20*2383@085174@*60150*936@18585*794@3*50351@77*86@98*34@8784*088@1956@04*32523*8@33943@*0.pdf
Size

125KB
MD5

49b88fee2b6ad9532818a297a690f70c
SHA1

ab02ea0e063f17313540a49f2b2819e13a176700
SHA256

f5a72a1e212551a3376280e495fa12311973a9a060b32699c94b79e2b97c8c4d
SHA512

4fe526a718e7d92b0ff9d2fbfc5266fbb0609f1a7ee38e324310f45b22d931d4e6d9b74caa49967b0086296ab31031775d377fd49f07e40c29897fc6aee7d003

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1572 AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1572 AcroRd32.exe
1572 AcroRd32.exe
1572 AcroRd32.exe
1572 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4160551_29@20_2383@085174@_60150_936@18585_794@3_50351@77_86@98_34@8784_088@1956@04_32523_8@33943@_0.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1572-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download