Analysis
max time kernel: 144s
max time network: 121s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 20/09/2023, 08:25
Behavioral task: behavioral1
Sample: Why do so many companies use THEPEOPEOPLE.COM.pdf
Resource: win7-20230831-en
General
Target: Why do so many companies use THEPEOPEOPLE.COM.pdf
Size: 3.3MB
MD5: 238613b1a52e8b82097a631aafb5764b
SHA1: 5998baf2753dad78db04374c3910b4995eeff014
SHA256: bbaa36da9b780451e8a4be5c83ffb9b525fb296ebc500c37bcf19df68964560c
SHA512: ad7f09608bf9160b9d5c8da15e73320f2986ee75b55ba1ec0f1f8665c60cc40b55c03059afbb99fc7837e7c7c1b56c4b218e232d92198c8c9875843b19f27088
SSDEEP: 49152:Jwiv8ul3lWa81u7B0Jiywiro3h2mI0wa+1MnB0Jiywiro3h2WIH:KIl3lWa0gB8bbro3hoa+UB8bbro3hu
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 3000, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 3000, process AcroRd32.exe (3 occurrences)
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Why do so many companies use THEPEOPEOPLE.COM.pdf"
  PID: 3000
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 56d25670374586b492c44db941ad99e9
  SHA1: 01a3ef8ee21a2f5f2b308de8e40689481828a622
  SHA256: 6942f0e25a71817849c1c6afd0b7db2d0d43e480ff87d3c9e4c99f23a6c65096
  SHA512: 9c371e4403ab9494c11c87e061047a053a6a036e8befd3bed9bcb98512024af72a65183f52194c2bcbefd59224e965e8104dce9f46241cd5fd23f6226d956eb6