8cbcf688d8cf2be8cfcdb397569fc979c8ac591b7a8d0056e897093ef069ffc6 | Triage

Resubmissions

15/08/2023, 18:42

230815-xcjytsda27 3

15/08/2023, 18:09

230815-wrmgtscg74 3

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
15/08/2023, 18:42

Sharing

Report Analysis Logs

General

Target

whirlpool/D/Whirlpool-ip-statement.pdf
Size

31KB
MD5

b19d16a7aa924f28bfe54b423af2c469
SHA1

262b222467cafb36b3f484d7ca5112f80f3852cb
SHA256

b25510752b658246fe2afa2779bb2a44e58a1635d82800c5d4e1d96adf1347d1
SHA512

69ba88b193f2a67bec3812525fe316da0e10b2552995f7380c1afbdc83d6de3097b63a739b641d9e9f80390bfa28ab76f96f5c163f122a7599a0682649e1e988
SSDEEP

768:bnvF74nE4KqErNNT2K504qZJf4lv4QplD7:rt74El0eSZJgl

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2296	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2296	AcroRd32.exe
2296	AcroRd32.exe
2296	AcroRd32.exe
2296	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\whirlpool\D\Whirlpool-ip-statement.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b2d9e7dec517831da07290e3fef5a273

SHA1
7557a71845a8bad63c001460a6e34c34e4d0cf78

SHA256
bae0eb85289415d5efd960152ceef262d18dd8d985a067c850f4400b8dc1403e

SHA512
06d58fdede13979fb16c1eed913a619c439d6a3ea8a29010d5bfdf48b106385c0a4ba52fa841c42a10ffbb6cb9b25de16b4fbe4517172358a3ce6d9d1bb3afa0

Download Submit