Analysis

  • max time kernel
    175s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 20:39 UTC

General

  • Target

    1bfd3ef9bc28946d1dc0cc272b86719c.pdf

  • Size

    84KB

  • MD5

    1bfd3ef9bc28946d1dc0cc272b86719c

  • SHA1

    c9ecb3adbbdfa3e174ea0d82cc5cab5f367d2b89

  • SHA256

    a0a1ad088b8e28c004d635b01b382e5b878cacfc042c6233736bf436cbc62db8

  • SHA512

    751156933569c32191afe03e3d6262725dffab60727a49e9155d181452d3b0e3142211eab35dd1e430304ed29fae2f0bb6de9bd7b1407e7a71f3fac43af94df3

  • SSDEEP

    1536:4PVWg/yPn5PUxio1gvhdzmdYuFLT1pF0NMU2yKIvW/MpkbB/BwfKJF0WJWUpO7w1:U8gaf5PWioGvTOdL6NMUFDp+B/BFJF0Y

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1bfd3ef9bc28946d1dc0cc272b86719c.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    2b57f92c53d922e15f274f72098b6f04

    SHA1

    f040396112a55e72da3b06ceb59ade0d3261861e

    SHA256

    f877f5d0c79a2ff37b143843e4fa26a9f2a86dc68ca3b48063d2c84835ff3041

    SHA512

    3cbe6b470accb553256f8463a29f64b73c77f52df93288930e36c81d368c26c96e59b310d8a9da14ca0414a9eeebec04ff85854160c49036744b94529d68e47b

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.