Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-04-2024 09:51

General

  • Target

    20240403 - LLA phishing incident reported TLP AMBER V1.pdf

  • Size

    770KB

  • MD5

    4d23f9017c5a86c1f03a303a2b51cf73

  • SHA1

    acee7f381030d1011d01ef839e04208a2f90de45

  • SHA256

    581926400593629e66631e28ae5fb343281cd7443f18fdf90e204bdb0f726f90

  • SHA512

    97d055cee4aba66141cc30903dd9cadf5b38da164bbf1280510792bb0249100693d6e59f21855351a952bf0a9ef7cf1c871b14d3a6d2fed5ef5f258733fba924

  • SSDEEP

    24576:bKLXny+D28u18JVRNWgGQCYEH9lgJis1z426T:bKLXy+C8u1uNzGQCF9lgJis1/6T

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\20240403 - LLA phishing incident reported TLP AMBER V1.pdf"
    PID: 2740
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
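The two signatures above are generic API-usage heuristics (foreground-window polling and hook installation) that Acrobat Reader triggers on its own while rendering a document; together with the 1/10 score, the empty Network section and the single Reader data file under Downloads, nothing in this run points to the PDF itself. Two checks a practitioner would still run before accepting that: confirm the file in hand is the same one the sandbox analysed (by recomputing the hashes listed under General) and do a quick static scan of the PDF for names that trigger automatic actions or script (/OpenAction, /JavaScript, /Launch and similar), including the #xx hex-escaped spellings used to hide them. The script below is an added example, not part of the report or of the sandbox's tooling; the two PDF byte strings are constructed for illustration (the suspicious one is a minimal catalog with an OpenAction JavaScript object and a hex-escaped /JavaScript name), and the keyword list is an assumed pdfid-style triage set, not a product of the analysis.

```python
"""Verify a sample against a sandbox report's hashes and statically triage it as a PDF."""
import hashlib
import re

# Hashes exactly as listed in the report's General section for the submitted PDF.
REPORTED_HASHES = {
    "md5": "4d23f9017c5a86c1f03a303a2b51cf73",
    "sha1": "acee7f381030d1011d01ef839e04208a2f90de45",
    "sha256": "581926400593629e66631e28ae5fb343281cd7443f18fdf90e204bdb0f726f90",
    "sha512": "97d055cee4aba66141cc30903dd9cadf5b38da164bbf1280510792bb0249100693d6e59f21855351a952bf0a9ef7cf1c871b14d3a6d2fed5ef5f258733fba924",
}

# Assumed triage keyword set (pdfid-style): PDF names that trigger actions or embed content.
RISKY_NAMES = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/URI", b"/ObjStm",
)

# Constructed samples for illustration; neither is the PDF from the report.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)
SUSPICIOUS_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /S /JavaScript /JS (app.alert(1)) >>\nendobj\n"
    # Same action with the name hex-escaped (/#4AavaScript == /JavaScript) to dodge naive grep.
    b"4 0 obj\n<< /S /#4AavaScript /JS (app.alert(2)) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)


def compute_hashes(data: bytes) -> dict:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Map each algorithm in `expected` to True if the recomputed digest matches."""
    actual = compute_hashes(data)
    return {name: actual[name] == digest.lower() for name, digest in expected.items()}


def normalize_pdf_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes inside PDF names so /#4AavaScript scans as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Header check plus a count of each risky name (whole-name match, escapes resolved)."""
    text = normalize_pdf_names(data)
    counts = {}
    for name in RISKY_NAMES:
        # The lookahead stops /JS from matching /JSX-style names and /AA from matching /AAA.
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", text))
        if n:
            counts[name.decode()] = n
    return {"is_pdf": data.startswith(b"%PDF-"), "risky_names": counts}


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, "matches report:", verify_hashes(sample, REPORTED_HASHES))
        print(label, "triage:", triage_pdf(sample))
```

Run it against the real file by replacing the constructed bytes with `open(path, "rb").read()`; a hash set that does not match the report means you are triaging a different artefact than the sandbox did, and any non-empty `risky_names` count on a document that scored 1/10 is a reason to inspect the objects by hand rather than trust the dynamic score alone.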

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    f4a3297e5cc5ce140baed7d4bdbe9532

    SHA1

    8727dd7c68d8aba85b717f8b6942c92a9c7c0918

    SHA256

    4edb192c5853878696d30de9edc65335e2a1373c61f962851905469427157196

    SHA512

    20fc926bc5c39c87e87677ec6613da8fac02066bb6dd4272fcd8955d18e31eefd22e4992d5637d3317d4376537a673d68caceb1235a8ff48bd8d6ec004d6c60c