6e1a5e9456a5e4246089a0f515b17ad84238a5bc2cd4ab06a7e0e8d1af4e80fa | Triage

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 03:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dbc9b793c21212fba19c297f9b488f90_NEIKI.pdf
Size

117KB
MD5

dbc9b793c21212fba19c297f9b488f90
SHA1

b4410dd8d696e57ee6d8e77932aa491cb9da88b8
SHA256

6e1a5e9456a5e4246089a0f515b17ad84238a5bc2cd4ab06a7e0e8d1af4e80fa
SHA512

25cc943f9006f8f3673890144ccd2b8acda03b2501c9734661e00aa240be593dbc8235595f2bc887a7a703b70dfc9e31d3c5a45ab534f0962d57abdee65b20cc
SSDEEP

3072:SSKjY5f5T1Kf5wrUVb3M3TNwT5DCemogq:N+Yll1oKrUR3M35iJdN

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2984	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2984	AcroRd32.exe
2984	AcroRd32.exe
2984	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dbc9b793c21212fba19c297f9b488f90_NEIKI.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
fcf761867aeebf96518f1d6ba680bc02

SHA1
aa0d25f380a7e711d66877539e5b11d19e0a84e3

SHA256
9e02246ce9970ba4593e67ae761727aa32dbb0450e3506fba3afe4abbdcf479f

SHA512
78d9ebe997fac675102cf14f606336aa59ec08db95b372ab5111c6313a56870634789af816a3e95d20e039d343fcbf17099c9faf8a03f936ebb298ccc20b3b48

Download Submit