79e3db1dc5a6ee8a4ea658e6c649dafd34a7b56be47bd3333775e837a128cd8d | Triage

Analysis

max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
26-04-2022 10:04

Sharing

Report Analysis Logs

General

Target

Nuance Dragon Medical embedded in MEDITECH Expanse.pdf
Size

115KB
MD5

0a918a70873c300f8a7656b8f3a42a53
SHA1

004db61e78f5862ee3f51b6e7666f642255a1966
SHA256

5861179f3f1152faef25fad4d7db6ea64fe8d028855ca308f8504ef09bfeb227
SHA512

8f1f7049b94c1f53e26eb43b27155827741732ed25f6adfb8bd4d8ae7dfdd23a036340ee7a814050a2e3059fb35e175c5da9fec416d26ef4453e7301497a2e75

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1764 AcroRd32.exe
1764 AcroRd32.exe
1764 AcroRd32.exe
1764 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nuance Dragon Medical embedded in MEDITECH Expanse.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1764

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1764-54-0x0000000074F91000-0x0000000074F93000-memory.dmp

Filesize
8KB

Download