74909ca72aac651710a99c8a7adfe42588ffa69d2fa0db6369a41fce4f0e08c0 | Triage

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:11

Sharing

Report Analysis Logs

General

Target

FS4263.pdf
Size

230KB
MD5

be97ebb89be1a77581991593726a2030
SHA1

1db6fa8258d8c6802d4693797c2cd9e10c6b23de
SHA256

1a70f73e6efe1c057b4aeb822aa0e68b6e449a40820c7b02265eafb8a4a2c54c
SHA512

3f11682b0f81de65a87f82c87cb86f88b34bcc166cb3e9cc284482d55522f60e09e508551ec67a74dca96839fdd1ae85b5306756927ec8301e1f21ac5ade0a08
SSDEEP

6144:pMLIVeJDO7V5XuVot980HwnFFFku1KG+spo58Mwdtd:pMLIgJDyX6KHw11npWFwzd

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1964	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1964	AcroRd32.exe
1964	AcroRd32.exe
1964	AcroRd32.exe
1964	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\FS4263.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a808d5f6c35a5387b584b86f10dd7acd

SHA1
34cb60776949a5e209bff478bd9c331f2e979043

SHA256
2a726a4a25ac3614aba7b9c4bf1d5bdf7e1da38ae2c4b4f17560e0c4631f80cb

SHA512
bc4ced8e497b1c77f49e45e401f0311df900a69512163c3adbec58c3e6767327a58778bc274e3c4f9aad37cf23613dae133b16b34b461433264ef9bdeed16ccc

Download Submit