Overview

overview

3

Static

static

3

5b5fbe85bd...04.pdf

windows7-x64

1

5b5fbe85bd...04.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    123s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2022 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf

  • Size

    2.8MB

  • MD5

    c1f82bef96bf5376f4adc7459d090c54

  • SHA1

    aad044a710cfe2fb0d09f711a607413a612bb153

  • SHA256

    5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904

  • SHA512

    7ed66d081fece954d1ebe31e4799fdb401db8fdb85bea903d2e9da472d4503f09e73ea808bdbd491c0ac282b877f688341ef1e0ee92a810e9d65f187a8a423f7

  • SSDEEP

    49152:17E2e+WraypVsSLgLBHv21CambvSbSPMxya9fQ6zxk9kdlKdlQHUBx:142/WraypcHvkCRIS0xxyExk9OKLOa

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:3504

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads