b23cb04afe59fee16c95ef5d24a67cb493d4ea88b62f6996e54493548acad6c2

Submit
Reports

Overview

overview

Static

static

samples3.zip

windows7-x64

samples3.zip

windows10-2004-x64

05cf6eee9b...b3.exe

windows7-x64

05cf6eee9b...b3.exe

windows10-2004-x64

0d332c0478...a7.exe

windows7-x64

0d332c0478...a7.exe

windows10-2004-x64

0fd8500fde...1e.exe

windows7-x64

0fd8500fde...1e.exe

windows10-2004-x64

11edf9436a...ed.pdf

windows7-x64

11edf9436a...ed.pdf

windows10-2004-x64

19a640415b...5c.exe

windows7-x64

19a640415b...5c.exe

windows10-2004-x64

33aa57b04b...cb.exe

windows7-x64

33aa57b04b...cb.exe

windows10-2004-x64

3643464a22...19.exe

windows7-x64

3643464a22...19.exe

windows10-2004-x64

37e2f97755...26.exe

windows7-x64

37e2f97755...26.exe

windows10-2004-x64

54cd11236f...ff.exe

windows7-x64

54cd11236f...ff.exe

windows10-2004-x64

55bc661ad4...8c.exe

windows7-x64

55bc661ad4...8c.exe

windows10-2004-x64

603d665f09...68.exe

windows7-x64

603d665f09...68.exe

windows10-2004-x64

6ea27a0861...7e.exe

windows7-x64

6ea27a0861...7e.exe

windows10-2004-x64

73af283fcb...0c.exe

windows7-x64

73af283fcb...0c.exe

windows10-2004-x64

7e41197b74...67.exe

windows7-x64

7e41197b74...67.exe

windows10-2004-x64

a878fed055...99.exe

windows7-x64

a878fed055...99.exe

windows10-2004-x64

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

samples3.zip

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

samples3.zip

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

05cf6eee9b0b2c049cec8ce775de0636ade55f23a51dc833170f09445719abb3.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe

Resource

win7-20231215-en

persistence ransomware spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral6

Sample

0d332c04780976b3cf6d505b5d7060c2f40399f581a8629885ad086e967f68a7.exe

Resource

win10v2004-20231215-en

persistence ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral7

Sample

0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

0fd8500fdef116abae01a1dcfed2db9784bbcb753488710aa1048f2aa0fd111e.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf

Resource

win10v2004-20231222-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe

Resource

win7-20231215-en

phobos evasion persistence ransomware spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral12

Sample

19a640415bb2bbc2f2624c204f6c5771b908b6c54b88976eb0daa76a29af255c.exe

Resource

win10v2004-20231215-en

phobos evasion persistence ransomware spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Behavioral task

behavioral13

Sample

33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe

Resource

win7-20231215-en

persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral14

Sample

33aa57b04bbdcf9617ed334dda4aee9502be652771899c75937f0e1223c7e2cb.exe

Resource

win10v2004-20231215-en

persistence

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

3643464a225aa2ad5c9c9657d4fd05b943fdd9c04ca36b9d3610a04332909d19.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral17

Sample

37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

37e2f977559a58cb33f7128ad7699a5c4f7c0013d8d83b1eda93a59ae35ba526.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe

Resource

win7-20231215-en

bootkit persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

54cd11236fdc2a40b505598541f64e8a6bd9ea84552b6d5946777badf8a2b7ff.exe

Resource

win10v2004-20231215-en

bootkit persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

Resource

win7-20231215-en

ransomware spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral22

Sample

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

Resource

win10v2004-20231215-en

spyware stealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral24

Sample

603d665f09a9a199a4b5b9f8d1841a07ae9c525f275fc54c7cb15953d73ff568.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe

Resource

win7-20231129-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

6ea27a08617ed35f8340fcc9eda5ccd7316eed9b192e3a7efd4cd5e1b8a4fc7e.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe

Resource

win7-20231215-en

evasion

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

73af283fcb06a9ea35ea6ad24b62b302459594f4b09dbba2d74001bf90ab020c.exe

Resource

win10v2004-20231215-en

evasion

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe

Resource

win7-20231215-en

ransomware spyware stealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

7e41197b74e2dcc6c0563d4b71a4ad16293909889ce4f1c5ab214bdd59088667.exe

Resource

win10v2004-20231222-en

ransomware spyware stealer

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

Resource

win7-20231215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

a878fed05519b4e0898e26a79cc646c0bb7b9e380c94f06baecc750f0ab97b99.exe

Resource

win10v2004-20231222-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf
Size

184KB
MD5

88bca052a833461e2dd2b3170fff76c0
SHA1

1304478347bd7f47b84cd39ffc545ac1f55707c1
SHA256

11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed
SHA512

098639ca995bcc33b1a309c3add6a60b9ab69e527dedf7005ac0c8dcc21e30070460bc7fec4b73ede0cd475244c03a6fad527f4732bb3dd559a5f9a0e34526c6
SSDEEP

3072:XT8Q2YM+ti7mMzJ5HQOEzsTKshIK7Yw31MXM2fbGBeaIIadcXnMFGoF:j8epiyiwl01MTc2jGQjZdc6GoF

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2916 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2916 AcroRd32.exe
2916 AcroRd32.exe
2916 AcroRd32.exe

pid	process
2916	AcroRd32.exe

pid	process
2916	AcroRd32.exe
2916	AcroRd32.exe
2916	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\11edf9436a9205c88c2a815cf6ebfb0a7a42eb150a2649766b3bb30350ee35ed.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize
3KB

MD5
a797dffa89b72b21782fecdd414f69f1

SHA1
ea75c3a5b1c6b86ea2f4ec8291cfb9d5ea8510b9

SHA256
bacf9e73f7d6fefe25471d7140cc8a72130c32bf6d52d7bad9726f2ff516cedc

SHA512
0d6b5cd52ec9a026a8af784192d2e2663ac74a2c3178edb34190b3a8c965424b115f6eae19b03840ec7ffc874dd01602e1e7bd51b221035e3e9652653d18b921

Download Submit