f5627e2ac3dd3ebdd51c3d2d2316794b03cad05acea4754e1675a5fb3e931b71 | Triage

Analysis

max time kernel
184s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
02-05-2022 16:19

Sharing

Report Analysis Logs

General

Target

Eric Stocking, Resume.pdf
Size

130KB
MD5

454d2322dffd74f47df9411ab490765d
SHA1

8f005c6cd73b327b1f87e80fd567a4f8f1881fe9
SHA256

f5627e2ac3dd3ebdd51c3d2d2316794b03cad05acea4754e1675a5fb3e931b71
SHA512

103ac77cf09083d84e39c73475c93f1629cf731c860d836bbb2dd676dbbf4b823300439ddcf569ed411732569621d8ad4e27ce642da8a7c7dc33df4fbff99216

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1640 AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

1640 AcroRd32.exe
1640 AcroRd32.exe
1640 AcroRd32.exe
1640 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Eric Stocking, Resume.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1640-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download