58f481ea604247046feb7df73dc34ae2bee8127dc1406f4b937bd0a3a3171a51 | Triage

Resubmissions

16-11-2021 02:54

211116-dd4vvahbck 4

16-11-2021 02:42

211116-c64vwacba3 4

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-en-20211014
submitted
16-11-2021 02:42

Sharing

Report Analysis Logs

General

Target

Order.pdf
Size

335KB
MD5

57ec83f0244338d247f406f3ed9e912b
SHA1

bf744d4ec6a842b8aad0a0760c9ae3f25066d940
SHA256

58f481ea604247046feb7df73dc34ae2bee8127dc1406f4b937bd0a3a3171a51
SHA512

35eb886f57b4ff159ea87aedf06e59aed54647796140c2f82f6c0ac3d07cd58eb256b77f799620375a6a2a94a56dc219e8a5f850d0f37b0edcdd22e3709875d1

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1284 AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1284 AcroRd32.exe
1284 AcroRd32.exe
1284 AcroRd32.exe
1284 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Order.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1284

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-55-0x0000000075191000-0x0000000075193000-memory.dmp

Filesize
8KB

Download