Analysis
max time kernel: 189s
max time network: 30s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 19:32
Behavioral task: behavioral1
Sample: 4d586ae9f03bf55e863c8694478d3f5a92175ac51a3c15d70241a9dbdaf30ca0.pdf
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 4d586ae9f03bf55e863c8694478d3f5a92175ac51a3c15d70241a9dbdaf30ca0.pdf
Resource: win10v2004-20220901-en
General
Target: 4d586ae9f03bf55e863c8694478d3f5a92175ac51a3c15d70241a9dbdaf30ca0.pdf
Size: 87KB
MD5: 9665e7133ee16169e6f0184ef138e3ee
SHA1: e971b982aaf4bb26c6d32e16f9d9343371396f9e
SHA256: 4d586ae9f03bf55e863c8694478d3f5a92175ac51a3c15d70241a9dbdaf30ca0
SHA512: 20e57276074921e1dda39f6db5e980eaf48125314c8ef39c9c380d22959b71b0a3006e7e963c789730e59e1a5b2dc68df1ba2c2bc3ed7bfad02bec41c17ef5c0
SSDEEP: 1536:DGSydZVLmKqY9IcuqJ/7yskL7rkuCY5Tvs7mc/pVLpyIelxxBK5bfvrsJTT:DsIt0nNyvrkTgvs79pyIelxxBKZe
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes: AcroRd32.exe (PID 1208)
Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes: AcroRd32.exe (PID 1208), 4 hits
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4d586ae9f03bf55e863c8694478d3f5a92175ac51a3c15d70241a9dbdaf30ca0.pdf"
  PID: 1208
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
memory/1208-54-0x0000000075F51000-0x0000000075F53000-memory.dmp (Filesize: 8KB)