Analysis

  • max time kernel
    152s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2023, 16:20

General

  • Target

    Agreement.pdf.exe

  • Size

    61.9MB

  • MD5

    978508efcdf53658ebe6d1bcf5068136

  • SHA1

    01fb4896d41e36fd556ff60bd1edda68187c1c75

  • SHA256

    f179f20f9a2d68c90b15a04d41df43569be87de91e177901d886a25a54b027dd

  • SHA512

    56db783890179ae6ec5d930c522691f329eee13987f039c7d9b3a4b6e76533cbc4580ee80741a3b3e1bda8e81ef24b945431b2209d8ab6e4bd895aab0662e2dd

  • SSDEEP

    1572864:fORQvq3E+k1xXCGkufMkscPdZKsUB/ayrxr12GaGfF11A9o1NCQCje6q:fOKvq361dCGtM6d8LayrxpVzRF1Cje6q

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Agreement.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Agreement.pdf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Agreement.pdf"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\Agreement.pdf

          Filesize

          2KB

          MD5

          6f45a52dcd7e3acdfaed53eb0a5783f5

          SHA1

          410db2d97204b95992dcfa8fd639dfeea642d627

          SHA256

          6d2f5067570e8c93b2cc2b03bf71e22c53505b660aea5caaa401e4885d0e8851

          SHA512

          a1a52e917f0bcba250f7e4dde59c1f0942db9298b5f31afb3d408ab6e935ea5cff5eb73030691512727c9dc4549c64134a8eff9cd475f296287872923e574b15

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

          Filesize

          3KB

          MD5

          4cd52bd2f41e65d34ae11f7329bd3f21

          SHA1

          02ab652aebd04bc23d8514c7e0376c3fac4632e8

          SHA256

          56215e8f2b2b5c61be45bff0d349aeb7c94cdaff50c8426ad7d5710b5ab73faf

          SHA512

          54eac3e77355558afbb652b40c1d2c1babbf2670c817e1d9c0cc23eafacdf96eb596a8b791fac823ccc080bc8e28c05e0d420d3ea0a8c8747776b5e2a0df3118