7a61ca9db96a39902028ef7bc8eedc68bb82bbdce3d86959c818373535d91061 | Triage

Resubmissions

01/06/2023, 13:52

230601-q6laesee79 6

01/06/2023, 13:51

230601-q6be8aeh6y 6

01/06/2023, 13:49

230601-q4w9xaeh6v 6

01/06/2023, 13:48

230601-q4bcfaeh51 6

01/06/2023, 13:45

230601-q2vy3aee58 6

01/06/2023, 13:42

230601-qz6msaeh5t 7

25/05/2022, 10:04

220525-l3xrtsdfbm 7

Analysis

max time kernel
149s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
25/05/2022, 10:04

Sharing

Report Analysis Logs

General

Target

ykfoxibh.pdf
Size

26KB
MD5

637cbb04da4c089807dc233a1c8a5662
SHA1

9e470c979ee8513326a8f1dc32f5b1116278f3b1
SHA256

a8e74de4ca0e8fbab1040b6ade4b9203abaca340feda37d9f750d0efd06c40b9
SHA512

9ca49fe51d4ea98d828e662f83ff18e51b73808ee6acd5bec81b52897d7723233bc6e397efa6390703f661f7b37afde7f13eb1649681f2db7acdbb51d7f59e32

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1580	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1580	AcroRd32.exe
1580	AcroRd32.exe
1580	AcroRd32.exe
1580	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ykfoxibh.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download