4b2f28b066e2a35caeb4928a87b4fad3c1b5fecafb10925a2a5f183cda9d2332.pdf.000

General
Target

4b2f28b066e2a35caeb4928a87b4fad3c1b5fecafb10925a2a5f183cda9d2332.pdf.000.pdf

Filesize

63KB

Completed

10-11-2021 14:50

Score
1/10
MD5

e2e0f6937b6eba8bf5c790b90bd86f9d

SHA1

b39a01841ff8f6708926e736672a1e18634698a1

SHA256

4b2f28b066e2a35caeb4928a87b4fad3c1b5fecafb10925a2a5f183cda9d2332

Malware Config
Signatures 2

Filter: none

  • Suspicious behavior: GetForegroundWindowSpam
    AcroRd32.exe

    Reported IOCs

    pidprocess
    948AcroRd32.exe
  • Suspicious use of SetWindowsHookEx
    AcroRd32.exe

    Reported IOCs

    pidprocess
    948AcroRd32.exe
    948AcroRd32.exe
    948AcroRd32.exe
    948AcroRd32.exe
Processes 1
  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4b2f28b066e2a35caeb4928a87b4fad3c1b5fecafb10925a2a5f183cda9d2332.pdf.000.pdf"
    Suspicious behavior: GetForegroundWindowSpam
    Suspicious use of SetWindowsHookEx
    PID:948
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads
                          • memory/948-55-0x00000000754F1000-0x00000000754F3000-memory.dmp