e97ac9b36c1be6d352e063f5c215b6c7a392e62434b74688f1aafe145280d255 | Triage

Analysis

max time kernel
150s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21-10-2022 21:00

Sharing

Report Analysis Logs

General

Target

CISP培训手册.pdf
Size

593KB
MD5

53ccbc47541625d3751d221ec65de517
SHA1

2a7cac10c97fee45f6ee645b84ed85c4079eda2f
SHA256

a51852da85e6276050d37a9a67ea6ba5092013083158a0d28c22acd8d525cd42
SHA512

584a7d20ccc20541b3e6ffe5a80eca9e18cc5900ab3a55afe49007e4096c3511009a778d3e1d03af6738fbf94eb35d943263c92eafe8882d25660e392fff6c70
SSDEEP

12288:+NxLFDcCyACW/hfDRgInLSWOQVgY38NdheM+5+QQL54f0CEiK8SJb:CZEW/hfDRgsSWOQV/2MzM54fWxJb

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

948 AcroRd32.exe
948 AcroRd32.exe
948 AcroRd32.exe
948 AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CISP培训手册.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:948

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/948-54-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download