e0fe88e3912ee3f9447c30b42ecfafe05ededd091b844fd4c96e1eeb680fb650 | Triage

Resubmissions

12/03/2024, 13:07

240312-qcycwshe5w 3

12/03/2024, 13:00

240312-p8qr9abd93 3

Analysis

max time kernel
137s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 13:00

Sharing

Report Analysis Logs

General

Target

BOLETO (2).pdf
Size

22KB
MD5

27af655ff509d4b2a855310cd3dfa20f
SHA1

2368422adb9330f7be2724e66760ed4f581f4899
SHA256

55619062020642f1be89e9f8ef9e9bf1a7be86e480aa5211ff3f5e110e362ca9
SHA512

e4fb37c5f08a64a0393d3908254fe0be08b19a39198fe1911fc0ecd1337f22e69d50b1de19c6d5b6bbe4dda7b6a073fe7753b0e11a13e51b343806feabe07dbd
SSDEEP

384:48t/QrE/CmfI8G7i1LfKMX91twOgy714zs4pFhWhvkXyTZpD:NtqE/CmfI8oi1fP7twOnGvl4kCTjD

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1744	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1744	AcroRd32.exe
1744	AcroRd32.exe
1744	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\BOLETO (2).pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
1c3069acb41b1b2c9592c080ccde0ad7

SHA1
1bd64bd183c2c0fce5f8584ab9661311064396e2

SHA256
6f9c10adac44ee85b4fc136bf5dc2f82fc9845dfc07ca17ad040b38191eb4f01

SHA512
6ce93b69edfaa14cdaf731927360bc58ec2c230f202d7367d9931963943c67032237a8e2d622ddacbdb3dc83f12f1d529fd1eab30d1e2cae665f758fc7c11526

Download Submit