e20074af97e539bdc73a72113eb735fe56a521d04a3c5ce6c57d63d52364567d | Triage

Analysis

max time kernel
152s
max time network
128s
platform
windows7_x64
resource
win7-en-20210920
submitted
29-10-2021 19:12

Sharing

Report Analysis Logs

General

Target

emgqydavf.i5 pdys.lhqt5 xr.fdi5 jhqvkd.5 ocmlht5 o.gbfh5 jcnzs5 k.nmmt5 if.apew5 mbgjzp.d5 lcwrdscfk.pdf
Size

162KB
MD5

d02667f812bfe8c61d31bfc3b9c23517
SHA1

703f36698f2dfc117d5af924cd2bc24d5807bb51
SHA256

e20074af97e539bdc73a72113eb735fe56a521d04a3c5ce6c57d63d52364567d
SHA512

f1cf770844a0497c47b40f0d0d07b355c721cf5460c47a465740ff0d6f024c91a38fee2135c5c1847a9e33df4868d3d28e47c85660cdb577160ed9a6efaef74a

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1764 AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1764 AcroRd32.exe
1764 AcroRd32.exe
1764 AcroRd32.exe
1764 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\emgqydavf.i5 pdys.lhqt5 xr.fdi5 jhqvkd.5 ocmlht5 o.gbfh5 jcnzs5 k.nmmt5 if.apew5 mbgjzp.d5 lcwrdscfk.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1764

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-54-0x0000000074C71000-0x0000000074C73000-memory.dmp

Filesize
8KB

Download