8cbcf688d8cf2be8cfcdb397569fc979c8ac591b7a8d0056e897093ef069ffc6 | Triage

Resubmissions

15/08/2023, 18:42

230815-xcjytsda27 3

15/08/2023, 18:09

230815-wrmgtscg74 3

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 18:42

Sharing

Report Analysis Logs

General

Target

whirlpool/A/Whirlpool-cover.pdf
Size

35KB
MD5

03944b6bc43f89a1c2df004466f91900
SHA1

76f6e379530c586c7eba54d194cb6a889356e46b
SHA256

80766b769a0846bc8892da25f018a6d170de2982312abcca4c3ef007cc7a8c5b
SHA512

86ea1b8874cbc887feb8af06aa55d567c6fa8cf81d4244825768c6fc23cdaa4c7a0913bb10ad42ac97381af9f266728b89c36a29977208a6f079a48af9f2ab8a
SSDEEP

768:y5C1R7R7/im1+soMaEbNw4jvZ3YgDjfRr74QP4Oc2JXDOJMw:yyR7R76mxnZw4lZYQbJk

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2636	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2636	AcroRd32.exe
2636	AcroRd32.exe
2636	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\whirlpool\A\Whirlpool-cover.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ae21b769067f76fdde3323936c0e0454

SHA1
874fa732d813ad6375c1ed4303d5278f647588e9

SHA256
9c9d1ca89e8d5a9cf4fc490e689abe9378b1900d31385f10c3c54b22cecaab2d

SHA512
b5c01c3df0a9dfa4b8e1289f8dd94818479853154fc30bdb6c93057be39dfb216a5e19ea06236ac8c228f644835d45fd2c53759fd4df872e1af0659355877d9c

Download Submit