6f0a85b660e5ebb4ac2f86fbf4dfce98ccaefa481899dbb9b0fdbccb83553000 | Triage

Analysis

max time kernel
171s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 22:09

Sharing

Report Analysis Logs

General

Target

testdisk.pdf
Size

239KB
MD5

ba1b8ffd3f6c3fe555e5c47f79d49481
SHA1

d0586493c5e47a025dd022e1d96eefaf3f94343d
SHA256

6f0a85b660e5ebb4ac2f86fbf4dfce98ccaefa481899dbb9b0fdbccb83553000
SHA512

a2770fa91e2a4c788a8f4d2d2d5db38cd5a033fe0858f0956660a663f8ada1a99890c2572d6676714f8e77f455df0a86384570ea23e4af1b758dea5b9dd5135f
SSDEEP

6144:COEzE1MHyzJ08KGHlDL2u+gHlZBh7S4Gr4AAinFA3sOLkV:CE1pzO8KFuHb7S4/XoFfnV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2440	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2440	AcroRd32.exe
2440	AcroRd32.exe
2440	AcroRd32.exe
2440	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\testdisk.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b066e674119630cbdc7ef1fd149130d7

SHA1
9bcd14df9f85cfca1b11a06e06719b657a505f81

SHA256
b486edcfc3f33689f32b79f98fd36406a96e4e135af0d81a90e4d1057beea361

SHA512
1cb133db3efefed79b73203a1ced038fc0c4d6fa2da2dd0806e5373f384907c3f9869f19ddeee5b139b736e299f732157ef079473fc0beab9d41a49ac45dd747

Download Submit