Overview

overview

10

Static

static

10

163.5.169....r2.hta

windows7-x64

3

163.5.169....r2.hta

windows10-2004-x64

8

163.5.169....r2.pdf

windows7-x64

1

163.5.169....r2.pdf

windows10-2004-x64

1

163.5.169....r3.hta

windows7-x64

3

163.5.169....r3.hta

windows10-2004-x64

10

163.5.169....r3.pdf

windows7-x64

1

163.5.169....r3.pdf

windows10-2004-x64

1

163.5.169....r4.hta

windows7-x64

3

163.5.169....r4.hta

windows10-2004-x64

7

163.5.169....r4.pdf

windows7-x64

1

163.5.169....r4.pdf

windows10-2004-x64

1

163.5.169....r5.hta

windows7-x64

3

163.5.169....r5.hta

windows10-2004-x64

10

163.5.169....r5.pdf

windows7-x64

1

163.5.169....r5.pdf

windows10-2004-x64

1

163.5.169....r2.hta

windows7-x64

3

163.5.169....r2.hta

windows10-2004-x64

7

163.5.169....er.hta

windows7-x64

3

163.5.169....er.hta

windows10-2004-x64

8

163.5.169....r2.hta

windows7-x64

3

163.5.169....r2.hta

windows10-2004-x64

1

163.5.169....ry.gif

windows7-x64

1

163.5.169....ry.gif

windows10-2004-x64

1

163.5.169....nk.gif

windows7-x64

1

163.5.169....nk.gif

windows10-2004-x64

1

163.5.169.28/cmd.exe

windows7-x64

163.5.169.28/cmd.exe

windows10-2004-x64

1

163.5.169.28/cmt.exe

windows7-x64

1

163.5.169.28/cmt.exe

windows10-2004-x64

1

163.5.169.28/fd1.exe

windows7-x64

10

163.5.169.28/fd1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    163.5.169.28/SCAN-atoletter2.pdf

  • Size

    168KB

  • MD5

    94667972ade0e377d8edd7f16730a0db

  • SHA1

    7e097e209bfcef8f11ff319fc5d2953fa436875b

  • SHA256

    3d29d9e8dd685c045d594a530a29c873b9d6c1957e9616675a0087746d592fa9

  • SHA512

    83fbf17fcf72f023f71a68583acdfcd65eeb8702c09f90d10af6e284eb400ce49802a3d26492e6cddc2406aadfdc1f6d14f01c7fc6498b6d2b836f60c81d3d67

  • SSDEEP

    3072:9pAXRLFm5rv1Wqu9r1RRbgz/hdcJ0XWLtSvi6dzRov5dMWv4yqF:+RLF8Bux5grI9c6DTMPyi

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\163.5.169.28\SCAN-atoletter2.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    bd26841af657481477944fe69983958d

    SHA1

    03a412f786c09e01736dc5877e094941924cc405

    SHA256

    a5af213c68f0c256d6f0af157423996489c127ff9bf6d577c7647eb1739f002a

    SHA512

    8a7d54c151cc2da1e3da45f652f67f795578cf666edefc0f70133723aa0cc76b8b0c71a69daf9fa8bd52dc9ae40f0baaca0d7babdd857f742b311ee7f6c9572f

    Download Submit