Resubmissions

  • 01/06/2023, 13:52  230601-q6laesee79  6
  • 01/06/2023, 13:51  230601-q6be8aeh6y  6
  • 01/06/2023, 13:49  230601-q4w9xaeh6v  6
  • 01/06/2023, 13:48  230601-q4bcfaeh51  6
  • 01/06/2023, 13:45  230601-q2vy3aee58  6
  • 01/06/2023, 13:42  230601-qz6msaeh5t  7
  • 25/05/2022, 10:04  220525-l3xrtsdfbm  7

Analysis

  • max time kernel
    68s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2023, 13:49

General

  • Target

    ykfoxibh.pdf

  • Size

    26KB

  • MD5

    637cbb04da4c089807dc233a1c8a5662

  • SHA1

    9e470c979ee8513326a8f1dc32f5b1116278f3b1

  • SHA256

    a8e74de4ca0e8fbab1040b6ade4b9203abaca340feda37d9f750d0efd06c40b9

  • SHA512

    9ca49fe51d4ea98d828e662f83ff18e51b73808ee6acd5bec81b52897d7723233bc6e397efa6390703f661f7b37afde7f13eb1649681f2db7acdbb51d7f59e32

  • SSDEEP

    768:6VIvJ8CERmF13oZt1g1cRjlwqjlbgQ66zbVcvV:2IvJmRW13oZtycRjlzdfVO

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ykfoxibh.pdf"
    • Suspicious use of SetWindowsHookEx
    PID:1988
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    PID:568
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x470
      • Suspicious use of AdjustPrivilegeToken
      PID:1504

Network

MITRE ATT&CK Matrix
