Overview

overview

4

Static

static

4

AIR FORCE/...FP.pdf

windows7-x64

1

AIR FORCE/...FP.pdf

windows10-2004-x64

1

AIR FORCE/...ed.pdf

windows7-x64

1

AIR FORCE/...ed.pdf

windows10-2004-x64

1

AIR FORCE/...T).pdf

windows7-x64

1

AIR FORCE/...T).pdf

windows10-2004-x64

1

AIR FORCE/... 1.pdf

windows7-x64

1

AIR FORCE/... 1.pdf

windows10-2004-x64

1

AIR FORCE/...22.pdf

windows7-x64

1

AIR FORCE/...22.pdf

windows10-2004-x64

1

AIR FORCE/...ce.pdf

windows7-x64

1

AIR FORCE/...ce.pdf

windows10-2004-x64

1

AIR FORCE/...02.pdf

windows7-x64

1

AIR FORCE/...02.pdf

windows10-2004-x64

1

AIR FORCE/...05.pdf

windows7-x64

1

AIR FORCE/...05.pdf

windows10-2004-x64

1

AIR FORCE/...1 .pdf

windows7-x64

1

AIR FORCE/...1 .pdf

windows10-2004-x64

1

AIR FORCE/...ed.pdf

windows7-x64

1

AIR FORCE/...ed.pdf

windows10-2004-x64

1

AIR FORCE/...19.pdf

windows7-x64

1

AIR FORCE/...19.pdf

windows10-2004-x64

1

AIR FORCE/...AL.pdf

windows7-x64

1

AIR FORCE/...AL.pdf

windows10-2004-x64

1

AIR FORCE/...17.pdf

windows7-x64

1

AIR FORCE/...17.pdf

windows10-2004-x64

1

AIR FORCE/...20.pdf

windows7-x64

1

AIR FORCE/...20.pdf

windows10-2004-x64

1

AIR FORCE/...ts.pdf

windows7-x64

1

AIR FORCE/...ts.pdf

windows10-2004-x64

1

AIR FORCE/...30.pdf

windows7-x64

1

AIR FORCE/...30.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

  • Size

    865KB

  • MD5

    cb1d711143d989972ba6fe98ba2d0b13

  • SHA1

    04935de584e065b77d2377180e1bf7b1e5cb11ab

  • SHA256

    0ffcbbb960a9f3b55eb047b01d5553e6e431c82f6c3312fb09b4d36b15daac8f

  • SHA512

    e74638003636d0accb27002799518824a689db08d9b052ea42bbaf79d360c1e79bf17ea86dd72301841e0de54108202295cfd53c0b83c3db147f9dc2d88e355c

  • SSDEEP

    12288:1J36aYpa96/8wsO8OKDihujrCiIhUfQNd6mFSqrAuH/sFuhgXikXT+5l6lNRWqAe:TT+aMhsO8OKD+NLFSOEm/kL3WlSB

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIR FORCE\HSIP_FY21_SOW_BusinessPoints_20210105.pdf"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    f82533e9896db4f74f26daf13fae1d10

    SHA1

    05f5b30eead8ffbf55ad64c86c33727448f181b2

    SHA256

    5f65f7cc69035b6212cdf04c9da2a629ca0fc6c4eeab56e809a7dcf6c922ab01

    SHA512

    762c9e3c87b64f61b82280bebc70607378a514c0b1ae7ded6f92a5f15c55a8fc94f40e01b2bea55d9a426d5d13c8fdb42853ab417aaace484effbbd6dfd5ef80

    Download Submit