Analysis
- max time kernel: 120s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system
- submitted: 29-04-2024 16:45
Behavioral tasks
- behavioral1: Sample CFDI042024983859304465214.pdf.lnk, Resource win7-20240221-en
- behavioral2: Sample CFDI042024983859304465214.pdf.lnk, Resource win10v2004-20240426-en
- behavioral3: Sample CFDI042024983859304465214/CFDI042024983859304465214.dll, Resource win7-20240221-en
- behavioral4: Sample CFDI042024983859304465214/CFDI042024983859304465214.dll, Resource win10v2004-20240426-en
- behavioral5: Sample CFDI042024983859304465214/CFDI042024983859304465214.exe, Resource win7-20240220-en
- behavioral6: Sample CFDI042024983859304465214/CFDI042024983859304465214.exe, Resource win10v2004-20240419-en
- behavioral7: Sample CFDI042024983859304465214/CFDI042024983859304465214.pdf, Resource win7-20240215-en
- behavioral8: Sample CFDI042024983859304465214/CFDI042024983859304465214.pdf, Resource win10v2004-20240419-en
General
- Target: CFDI042024983859304465214/CFDI042024983859304465214.pdf
- Size: 130KB
- MD5: 176edf90783aef8df1f66f953ec30db1
- SHA1: 7f0622831926bcb825bd67515752edcf02a1fd67
- SHA256: d0f7e4ab054350d35624185dfffe48eeb32d34abd00866c6ff8db50399faf84d
- SHA512: 7ee30e14798aaeecb8abdaf42e026d51ba56002a6b5eef093472be02d92537a65aa3975b127050a0522fa04483bba5ef973a9cecdf35f7ce1b0c8177eb558c84
- SSDEEP: 1536:+NT7EtdA5HMtiXnXcvMyWLNuIwiutrLHf78/z/2dDOh9if5RcMxxsSnFPEw9j2Kp:Yn0OXc/W5u/trL/W/2JOKfEMH9jN92xI
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: pid 2264, process AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes: pid 2264, process AcroRd32.exe; pid 2264, process AcroRd32.exe; pid 2264, process AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CFDI042024983859304465214\CFDI042024983859304465214.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2264
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
- MD5: 30bfec8fb01366a33602520e7bd54263
- SHA1: ee41fa5e04f5bc554161f2105b031d3a9ff88fe1
- SHA256: efa0304f54c97a5e9dc4d52868c8aaf533a127574d173a6f615470920fac859d
- SHA512: 0aecb0d889fd705358a602d75322014fe96a9a0c7ae87d133fa3b933e390fce9c16a4a250a625d214dbaac704decb4064c4f8006094b00704f2b649bc1df257e