Analysis
-
max time kernel
151s -
max time network
124s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
30-10-2021 19:08
Behavioral task
behavioral1
Sample
deshtk4 ifs.njhb4 mrj.4 rfwk4 gxnmkc.owm4 rhdqc.4 lnvq4 sbshu.4 okzim4 py.tnhpgk4 .fjd4 qvotbg.l4 rhh.dar4 sxm.pdf
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
deshtk4 ifs.njhb4 mrj.4 rfwk4 gxnmkc.owm4 rhdqc.4 lnvq4 sbshu.4 okzim4 py.tnhpgk4 .fjd4 qvotbg.l4 rhh.dar4 sxm.pdf
Resource
win10-en-20210920
General
-
Target
deshtk4 ifs.njhb4 mrj.4 rfwk4 gxnmkc.owm4 rhdqc.4 lnvq4 sbshu.4 okzim4 py.tnhpgk4 .fjd4 qvotbg.l4 rhh.dar4 sxm.pdf
-
Size
98KB
-
MD5
e92e25979cb4218b6c6d90dfe66fedbd
-
SHA1
002530fb67c122b5f23feaae1bdc7d8d7ebfb7c4
-
SHA256
51ab6f8da399ee0274c5821f1dabe4d0189e25defa1105d636cf4de6fd3c2edc
-
SHA512
47a4e507cd281cbf144600088b6eb663a45a29bce7af1df88822c50e9e3bb65b1f1c189725b9f4a66955903306b8155909db7a12f02e4cbf53fb0c7e1de7941f
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AcroRd32.exepid process 1324 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
AcroRd32.exepid process 1324 AcroRd32.exe 1324 AcroRd32.exe 1324 AcroRd32.exe 1324 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\deshtk4 ifs.njhb4 mrj.4 rfwk4 gxnmkc.owm4 rhdqc.4 lnvq4 sbshu.4 okzim4 py.tnhpgk4 .fjd4 qvotbg.l4 rhh.dar4 sxm.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1324
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1324-54-0x00000000759B1000-0x00000000759B3000-memory.dmpFilesize
8KB