1c371280ef5ddb832d5534e015869a5fe79a379649c64b69160533b81a219e46

Submit
Reports

Overview

overview

Static

static

AIR FORCE/...FP.pdf

windows7-x64

AIR FORCE/...FP.pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...T).pdf

windows7-x64

AIR FORCE/...T).pdf

windows10-2004-x64

AIR FORCE/... 1.pdf

windows7-x64

AIR FORCE/... 1.pdf

windows10-2004-x64

AIR FORCE/...22.pdf

windows7-x64

AIR FORCE/...22.pdf

windows10-2004-x64

AIR FORCE/...ce.pdf

windows7-x64

AIR FORCE/...ce.pdf

windows10-2004-x64

AIR FORCE/...02.pdf

windows7-x64

AIR FORCE/...02.pdf

windows10-2004-x64

AIR FORCE/...05.pdf

windows7-x64

AIR FORCE/...05.pdf

windows10-2004-x64

AIR FORCE/...1 .pdf

windows7-x64

AIR FORCE/...1 .pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...19.pdf

windows7-x64

AIR FORCE/...19.pdf

windows10-2004-x64

AIR FORCE/...AL.pdf

windows7-x64

AIR FORCE/...AL.pdf

windows10-2004-x64

AIR FORCE/...17.pdf

windows7-x64

AIR FORCE/...17.pdf

windows10-2004-x64

AIR FORCE/...20.pdf

windows7-x64

AIR FORCE/...20.pdf

windows10-2004-x64

AIR FORCE/...ts.pdf

windows7-x64

AIR FORCE/...ts.pdf

windows10-2004-x64

AIR FORCE/...30.pdf

windows7-x64

AIR FORCE/...30.pdf

windows10-2004-x64

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 15:46

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf link

2 signatures

Behavioral task

behavioral1

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral13

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral17

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral19

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral23

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral25

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral27

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral29

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral31

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Report Analysis Logs

General

Target

AIR FORCE/GEN-12-AMAM-02.pdf
Size

123KB
MD5

6f2d44248dac1de7184107c850b76ca2
SHA1

b7548cfb27b1e41853ff18b8e23e482796c5859c
SHA256

72c7c7833f2572f9e3415b942ae65936e6849f8cc7fc682155a72937d36fe44d
SHA512

e11d4aae4dd808d9d1ba528e7426645694c87e531ad655b6059139f0a802dc3961d1aa40174a633c59dffc161f8c70cdf5d5fdb9d5fe7e79b1f679bc2bae228c
SSDEEP

3072:3vzI4Ai/ax66fkkNsp7ntYTtyqpvkqW0ei8s/tMLY4:3oi/e6gu7CT0qpvk4Fx/tMB

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1796	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1796	AcroRd32.exe
1796	AcroRd32.exe
1796	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIR FORCE\GEN-12-AMAM-02.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e3c69077a27dab1070392664b651b88f

SHA1
fb3704ea5c9ba255f974ca6ad534e287c8d17a84

SHA256
6935fa0aa40c6d443af4cd98467c9932045ed458bafa668b4cd948a58d0a5d9c

SHA512
769362aedc25c42eb7b0cc152590b4d2d6ca9d000edcf2b4cf0256f76ab9d817f9df47adae733c1cc81e479c72de57cecea63ec2009a546d76426c6a73fecb1a

Download Submit