Analysis
- max time kernel: 151s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220331-en
- submitted: 11-04-2022 13:49
Behavioral task
behavioral1
Sample
MARSEILLE - EDF - 10144268423- NR.pdf
Resource
win7-20220331-en
Behavioral task
behavioral2
Sample
MARSEILLE - EDF - 10144268423- NR.pdf
Resource
win10v2004-20220331-en
Behavioral task
behavioral3
Sample
MARSEILLE - EDF - 10146008309- NR.pdf
Resource
win7-20220311-en
Behavioral task
behavioral4
Sample
MARSEILLE - EDF - 10146008309- NR.pdf
Resource
win10v2004-20220331-en
Behavioral task
behavioral5
Sample
=?iso-8859-1?Q?500300_-_ARC_GLOBAL_II_MARSEILLE_-_Relev=E9_Bancaire_Mars_?= =?iso-8859-1?Q?2022.pdf
Resource
win7-20220331-en
Behavioral task
behavioral6
Sample
=?iso-8859-1?Q?500300_-_ARC_GLOBAL_II_MARSEILLE_-_Relev=E9_Bancaire_Mars_?= =?iso-8859-1?Q?2022.pdf
Resource
win10v2004-en-20220113
Behavioral task
behavioral7
Sample
=?iso-8859-1?Q?ARCMAR_-_=C9tat_des_paiements_-_03.2022_(1).xlsx
Resource
win7-20220331-en
Behavioral task
behavioral8
Sample
=?iso-8859-1?Q?ARCMAR_-_=C9tat_des_paiements_-_03.2022_(1).xlsx
Resource
win10v2004-en-20220113
General
- Target: =?iso-8859-1?Q?500300_-_ARC_GLOBAL_II_MARSEILLE_-_Relev=E9_Bancaire_Mars_?= =?iso-8859-1?Q?2022.pdf
- Size: 40KB
- MD5: 8df2258bcea9657b10a0e180329bd1fa
- SHA1: 7703a71c75054bf55c448a97bb9e68496528ef47
- SHA256: 649e795180b1756e40e63d90b840f2b06e2d9e06ed3c8f506303215cba85c39c
- SHA512: d79dad2299bde48a92464803d625069a335c0e599021692090d6f5ea61dd35d8e044dbcaf981be1404eb22f45eca4426f454ab35ba1006077e91fb34488760d2
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes: AcroRd32.exe
  pid   process
  1424  AcroRd32.exe
  1424  AcroRd32.exe
  1424  AcroRd32.exe
  1424  AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\=_iso-8859-1_Q_500300_-_ARC_GLOBAL_II_MARSEILLE_-_Relev=E9_Bancaire_Mars__= =_iso-8859-1_Q_2022.pdf"
  - Suspicious use of SetWindowsHookEx
  PID: 1424
Network
MITRE ATT&CK Matrix
Downloads
- memory/1424-54-0x0000000075891000-0x0000000075893000-memory.dmp
  Filesize: 8KB