Overview

overview

3

Static

static

3

Understand...fe.pdf

windows7-x64

1

Understand...fe.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Understanding_a_Payloads_Life.pdf

  • Size

    4.7MB

  • MD5

    1481b92ff2af8677db95aca6eca50c9d

  • SHA1

    f749e486475da80ca3bc268030712ffc23e9601a

  • SHA256

    21271ef39311c668b64d0071c7f20a5e31feae6acbe017c9cb9ad4d0dce56393

  • SHA512

    5b4730389c22e414ced67e61b305575ffbe44b172705c9af07ef66e65200cbc641b8acb1a543e8adf62d94b025fa0c53e7398f34df7808aebfdf74440959c1e0

  • SSDEEP

    98304:J+Tzy/qGjKVtrrTtA/d1rSE2flr548dnXdpVJTI8GO475BGIWU96:J+TOyGOnrtIIs8t3jTIi47T96

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 46 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Understanding_a_Payloads_Life.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1400
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2844
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Windows\system32\fltMC.exe
      fltmc
      2⤵
        PID:2668

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
      Filesize

      3KB

      MD5

      2ca86d5fce2ba488490282c664c7595d

      SHA1

      2607b2079f6ae536748b6962ea40a18810d55d45

      SHA256

      53db2ddc87c6caad7309a55abdbac9eed3d2d89c37acee8f2c0467e8ce6480c4

      SHA512

      c99ac51aa23e923f14d936d7f0ada464f880845a428a1ba6b8708af029abe3a5f9dcf02452f42d475322e283d9a28866e588be8da4cba0968e2b0a96c2acca92

      Download Submit
    • memory/2844-17-0x0000000140000000-0x00000001405E8000-memory.dmp
      Filesize

      5.9MB

      Download
    • memory/2844-18-0x0000000140000000-0x00000001405E8000-memory.dmp
      Filesize

      5.9MB

      Download