e5e4f5ba15a4bb5fa50d37161409f8eebdcc120506e60853e1ca0dbd90ba0bcf | Triage

Resubmissions

20-10-2022 16:05

221020-tjrepscedn 3

20-10-2022 15:26

221020-st7zrsbfd8 6

Analysis

max time kernel
605s
max time network
417s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 15:26

Sharing

Report Analysis Logs

General

Target

Brochure.pdf
Size

1.2MB
MD5

832ee795b9cf632ec05a37a58cae400e
SHA1

1f356ca53d91526260205ccd2d4c0a1a9727ab6b
SHA256

e5e4f5ba15a4bb5fa50d37161409f8eebdcc120506e60853e1ca0dbd90ba0bcf
SHA512

c7e796b6a5588c7d193050b59a5735b2898916cc4615ae927e57eb74aa905f74464ce40dd04e01f8c3b3f232d7bf1a77203d18b0245d191fcf68a0b04b5cce18
SSDEEP

24576:+40jYyTZ59a3BFxAY8FbWrNlCGZ9AN5RQ0WbjX:+40jYMZ5AXCbmN4gAN5mdz

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1856	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1856	AcroRd32.exe
1856	AcroRd32.exe
1856	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Brochure.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1224-55-0x000007FEFC311000-0x000007FEFC313000-memory.dmp

Filesize
8KB

Download
memory/1856-54-0x0000000075E51000-0x0000000075E53000-memory.dmp

Filesize
8KB

Download
memory/1856-56-0x0000000000BA0000-0x0000000000C16000-memory.dmp

Filesize
472KB

Download