Overview

overview

8

Static

static

8

ExeFilter-...eur.py

linux_amd64

ExeFilter-...eur.py

linux_armhf

ExeFilter-...eur.py

linux_mips

ExeFilter-...eur.py

linux_mipsel

ExeFilter-...ier.py

linux_amd64

ExeFilter-...ier.py

linux_armhf

ExeFilter-...ier.py

linux_mips

ExeFilter-...ier.py

linux_mipsel

ExeFilter-...ire.py

linux_amd64

ExeFilter-...ire.py

linux_armhf

ExeFilter-...ire.py

linux_mips

ExeFilter-...ire.py

linux_mipsel

ExeFilter-...Zip.py

linux_amd64

ExeFilter-...Zip.py

linux_armhf

ExeFilter-...Zip.py

linux_mips

ExeFilter-...Zip.py

linux_mipsel

ExeFilter-...MO.bat

windows7_x64

3

ExeFilter-...MO.bat

windows10-2004_x64

3

ExeFilter-...ter.py

linux_amd64

ExeFilter-...ter.py

linux_armhf

ExeFilter-...ter.py

linux_mips

ExeFilter-...ter.py

linux_mipsel

ExeFilter-...EN.pdf

windows7_x64

1

ExeFilter-...EN.pdf

windows10-2004_x64

1

ExeFilter-...FR.pdf

windows7_x64

1

ExeFilter-...FR.pdf

windows10-2004_x64

1

ExeFilter-...ier.py

linux_amd64

ExeFilter-...ier.py

linux_armhf

ExeFilter-...ier.py

linux_mips

ExeFilter-...ier.py

linux_mipsel

ExeFilter-...tre.py

linux_amd64

ExeFilter-...tre.py

linux_armhf

Analysis

  • max time kernel
    4294225s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    14-04-2022 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ExeFilter-1.1.2-alpha3/ExeFilter_documentation_EN.pdf

  • Size

    207KB

  • MD5

    fe79c684e6ccb5bd6df2e5a7f5052430

  • SHA1

    71c174ec1820bf27e445bba1549ad3393b598b3b

  • SHA256

    e58b140277b88c3d0cacc761785a12803d5ff00f0bf389eebd7f189d2c983ff5

  • SHA512

    47954e10c8348b0b0cd3cc4d172e7d0032b2a63f3aa37861987182dafc72abd8c87dd9c6a4a727d10e97aabd66de7f3ba6634cfab51b42821ff0c3c78dd142d2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ExeFilter-1.1.2-alpha3\ExeFilter_documentation_EN.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1276-54-0x0000000075691000-0x0000000075693000-memory.dmp
    Filesize

    8KB

    Download