Analysis
  max time kernel: 117s
  max time network: 149s
  platform: windows7_x64
  resource: win7-20231215-en
  resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted: 26/12/2023, 09:55
Behavioral task: behavioral1
  Sample: 6552404ecf6eebce940f6bb57b3c60ff.pdf
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 6552404ecf6eebce940f6bb57b3c60ff.pdf
  Resource: win10v2004-20231215-en
General
  Target: 6552404ecf6eebce940f6bb57b3c60ff.pdf
  Size: 9KB
  MD5: 6552404ecf6eebce940f6bb57b3c60ff
  SHA1: 21afdabc4bbfe7eeeacd2d741e75715b01201253
  SHA256: 30b05ea1b5f3788983f795db8d327e4b464958f63dc2dfc2a3b30858de5d0da2
  SHA512: a8196ffc4eb4dd228c4458e9987b7ea24afe5ab70339a459eeb307b6af640a2cc07fdac289abcf7892b486b499559706c7f2a9d5c9382f4343ccf0bc834479ba
  SSDEEP: 192:F3hzajYywAO9G+/vqvQNi/60un/TEI4hVDk2G+IkxDbufs1V9+jE:dhzazwAO9GiUQi/60G7x4hdD7IEbuU97
Malware Config
Signatures
  Suspicious use of SetWindowsHookEx (3 IoCs)
    PID   Process
    1340  AcroRd32.exe
    1340  AcroRd32.exe
    1340  AcroRd32.exe
  Suspicious use of WriteProcessMemory (7 IoCs)
    Description                       PID   Process       procid_target
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
    PID 1340 wrote to memory of 2128  1340  AcroRd32.exe  29
Processes
  [1] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6552404ecf6eebce940f6bb57b3c60ff.pdf"
      PID: 1340
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      [2] C:\Windows\SysWOW64\regsvr32.exe (child of PID 1340)
          Command line: regsvr32 -s C:\Users\Admin\AppData\Local\Temp\wpbt0.dll
          PID: 2128
Network
MITRE ATT&CK Matrix
Downloads
  Filesize: 1KB
  MD5: 25e5962d6455f224412560450b444a55
  SHA1: 67d09d106b5a3d71b616c2b820181a7b72fc5705
  SHA256: 636b745ffa945334fc8bd552db3b3f8fec331ec4b3334045dc0a8385b54045c1
  SHA512: f016ca7d73f222f4a7c4d3ad41585508529e2d66e1586772c6fc173f2adb92403124377a82bf9dcd71268b323b87b1f338a1b08b99cb37cc50267123d9e6b7c9