Overview
overview
5Static
static
3[EXTERNAL]...03.eml
windows7-x64
5[EXTERNAL]...03.eml
windows10-2004-x64
1=?UTF-8?B?...?=.pdf
windows7-x64
1=?UTF-8?B?...?=.pdf
windows10-2004-x64
1=?Windows-...?=.png
windows7-x64
3=?Windows-...?=.png
windows10-2004-x64
1email-html-2.txt
windows7-x64
1email-html-2.txt
windows10-2004-x64
1email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1Resubmissions
09-03-2024 01:45
240309-b6vfrscb5v 507-03-2024 20:33
240307-zb7plsdc74 507-03-2024 20:30
240307-y95ggaea4y 507-03-2024 20:26
240307-y79cmsdh7z 5Analysis
-
max time kernel
121s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
07-03-2024 20:33
Behavioral task
behavioral1
Sample
[EXTERNAL] 2024 Benefit Enrollment & Payroll Handbook Booklet Begins 07_03.eml
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
[EXTERNAL] 2024 Benefit Enrollment & Payroll Handbook Booklet Begins 07_03.eml
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
=?UTF-8?B?VG95b3RhIEJlbmVmaXQgRW5yb2xtZW50LnBkZg==?=.pdf
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
=?UTF-8?B?VG95b3RhIEJlbmVmaXQgRW5yb2xtZW50LnBkZg==?=.pdf
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
=?Windows-1254?B?dG95b3RhLnBuZw==?=.png
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
=?Windows-1254?B?dG95b3RhLnBuZw==?=.png
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
email-html-2.txt
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
email-html-2.txt
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
email-plain-1.txt
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
email-plain-1.txt
Resource
win10v2004-20240226-en
General
-
Target
=?UTF-8?B?VG95b3RhIEJlbmVmaXQgRW5yb2xtZW50LnBkZg==?=.pdf
-
Size
10KB
-
MD5
bd3a12d52669f561ec7292f97145eed1
-
SHA1
dd1161376edc8e5be6eec47752b23961ed245c14
-
SHA256
03a0a317daf0b61200ba338a91bd7902e957fe198d5a285a23bfffa289be9b8e
-
SHA512
7f0c9fbd425cbde63363562a152bafb576eadc901638f2314550467d7592b1d5a4b7bce6912e46c5976eb8f869874c054948e284cf1d1fb95852e6f2c647b3bb
-
SSDEEP
96:Bv9Rq3+rEhoLVrZE8lPo8ZMC83JdQPoAR/Evh9vuURp6MuEkOBBWBBFB2vByeBB4:bBQAe8lw8GC8LQPoARsvhxRp6MuEoFDt
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AcroRd32.exepid process 2508 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
AcroRd32.exepid process 2508 AcroRd32.exe 2508 AcroRd32.exe 2508 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\=_UTF-8_B_VG95b3RhIEJlbmVmaXQgRW5yb2xtZW50LnBkZg==_=.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD58777317e60a83194269a662611be7171
SHA1d8e63e9b7832b874a302aa2f81de93b93dbad94d
SHA256d20bc000ac446e51017dc95063ed35811324425328f88d07850e48b578353d0e
SHA5129142f3fcf754120fd8263aa13c1ed984ca8a8ac856a93a139bda0a4f909cddd544d852b3bd518b1175f9f07a05439af6d1a9fd74bb122d1d90d0d0742edbfe39