Overview
overview
8Static
static
86480000079...LS.pdf
windows7-x64
16480000079...LS.pdf
windows10-2004-x64
16650000079...IT.pdf
windows7-x64
16650000079...IT.pdf
windows10-2004-x64
16800000032...AM.pdf
windows7-x64
16800000032...AM.pdf
windows10-2004-x64
16930000015...ON.doc
windows7-x64
46930000015...ON.doc
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
25-04-2024 01:41
Behavioral task
behavioral1
Sample
64800000797_IMO SYMBOLS.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
64800000797_IMO SYMBOLS.pdf
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
68000000326_DP216G BRIDGE TEAM.pdf
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
68000000326_DP216G BRIDGE TEAM.pdf
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
69300000159_TE352G-DG No1 CRANKSHAFT DEFLECTION.doc
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
69300000159_TE352G-DG No1 CRANKSHAFT DEFLECTION.doc
Resource
win10v2004-20240412-en
General
-
Target
66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf
-
Size
1.2MB
-
MD5
59db3e6443136010a55d8af99232d6f2
-
SHA1
1af66f2e5dd1e8606b176c983231d5130d46f27f
-
SHA256
a772c6d4e876a81a2470060c20343cf5fee92beb05b262687f04f54dac3ae919
-
SHA512
2b195e5675024fe4c6f72eb2eccbed2f155b710029e55cf55fd1ab2fddcbdb6762618c7ab0e93dbd11c58554d641a83113d78c9834422c293780a7c139751851
-
SSDEEP
24576:9BwrTt49wTkN0dSpPgzcghhoB/4l4JpboFoIFMK:Tm50r0dSBgrE/9zbQoIGK
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AcroRd32.exepid process 1812 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
AcroRd32.exepid process 1812 AcroRd32.exe 1812 AcroRd32.exe 1812 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\66500000797_MI-07_5400049, CASCSDE TANK UNIT.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD522f0c15a2f44589e83a311c300879865
SHA19665fe94fd66fd42293ca1695edcaa13c9e7bc84
SHA256e88a64353248f5102a294ae009e7615847dcea312381a1dfb3334fc19602befb
SHA5128f663036b9930384e7f85cc17ecd485faba22cf3f266d05a227043ce43ea96d6c90c0b167bb1e69265565a8c3a3c3f9bcf7575fb308ea95394207c89c17c9c6f