a481ed7d53b611ddf102eb317000437596a15222c760feafa594150f1688cf56 | Triage

Analysis

max time kernel
151s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-08-2023 05:25

Sharing

Report Analysis Logs

General

Target

使用说明（必读）.pdf
Size

144KB
MD5

af0b18ba02042a352de8e14eba895a01
SHA1

12407c940714c89f6a948c823666131f2108353e
SHA256

de486ec86555cc619e28740a223d8f084c43aad5fcf443834aae5d38ac639206
SHA512

121f7316ad1fabda7f090a339e632349df300b7e975b9ef02e32375f68c60708c4f089fd66407e625ba4301be34145fa3c1edbe0e47529422dd79d9e912fb5f1
SSDEEP

3072:UVBngiqOQkpyFjYOCMCgKz4SKvRjt0mgMx8dQYFYdE7ghaM:CBgHOQkqEx4SKvRx0mgLdQYFYushaM

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2364	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2364	AcroRd32.exe
2364	AcroRd32.exe
2364	AcroRd32.exe
2364	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\使用说明（必读）.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3df8715e35e40fb85257b34f099b4d78

SHA1
a56ef06e33d0bf40ec93495cc465758f8c24ea08

SHA256
984acc2bc0965f525b5c650483d99ac0e0498ef762bae1416312ddfaa28a9159

SHA512
9c3a0536fd0c0fb7f46809cf8799ff6a2248cc20307f236dd2fe5dc5c3643f06ed57a1e224f1636f917a84a961fb27f7e28578d8c19dd7807d0becd50934b995

Download Submit