Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 15:46

General

  • Target

    AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

  • Size

    1.1MB

  • MD5

    b672eda48c239d30bb8c567f6cd78db2

  • SHA1

    012efedfa548fa45d59ca2ed6b0a517fc2d3194e

  • SHA256

    07a1274c8fc7532ece76113ef7636b43cc8b9bf874b8fe80d7f637903a4446a4

  • SHA512

    a5d3f883c9528452c175040bb8fe298ae6d29d18ecf72390044cabe5fc9d122c06619dd7c93ba4cbcccce438d0054ad252830c81f241f383edfe8f7410eb6fbf

  • SSDEEP

    24576:aHHSsUB6uqSWaiKCAo4oHcVvCOnxXUyQ4FuIwSQSD3kn5olO0CG:vB6bk9oHcVlxXUyQ4ZOSDe5j0CG
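
The digests above (and those listed under Downloads for the dropped SharedDataEvents file) are only useful if you confirm that the file you hold is the same one the sandbox ran. The following script is an added example, not part of the original report or of the sandbox vendor's tooling: it hashes a file once with all four algorithms the report lists and compares the result against the report's recorded values. The expected digests are copied from this page; the SSDEEP value is not checked because fuzzy hashing needs the third-party ssdeep library, which is not assumed here.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Mapping

# Digests recorded in the report for the submitted PDF (copied from the page above).
REPORT_DIGESTS = {
    "md5": "b672eda48c239d30bb8c567f6cd78db2",
    "sha1": "012efedfa548fa45d59ca2ed6b0a517fc2d3194e",
    "sha256": "07a1274c8fc7532ece76113ef7636b43cc8b9bf874b8fe80d7f637903a4446a4",
    "sha512": (
        "a5d3f883c9528452c175040bb8fe298ae6d29d18ecf72390044cabe5fc9d122c"
        "06619dd7c93ba4cbcccce438d0054ad252830c81f241f383edfe8f7410eb6fbf"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all four hashers.

    A single pass matters for large samples: hashing a file four times
    quadruples the I/O for no benefit.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the tests below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def compare(actual: Mapping[str, str], expected: Mapping[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags, case-insensitive.

    Reports typically print lowercase hex, but copy-pasted values are often
    uppercase; an algorithm missing from `actual` counts as a mismatch.
    """
    return {
        name: actual.get(name, "").lower() == value.strip().lower()
        for name, value in expected.items()
    }


def verify_file(path: str, expected: Mapping[str, str] = REPORT_DIGESTS) -> Dict[str, bool]:
    """Return {algorithm: matched} for a file on disk against the report's digests."""
    return compare(digest_file(path), expected)


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample.pdf>
    results = verify_file(sys.argv[1])
    for name, ok in results.items():
        print(f"{name:<7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

A single mismatch is enough to reject the sample as "the one in this report": even a one-byte change (a stripped trailing newline, a re-saved PDF) changes every digest, so `all(results.values())` is the only result worth trusting.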

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIR FORCE\HYDRA PWS_Draft_RFI V1 .pdf"
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1236

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    dbc8f54af612a038aefca048cf60faa0

    SHA1

    f70323b3ca85d91786094fcf604031d218577f00

    SHA256

    9c0b7a773ae6c1abb7e41fe5b53759914c1b53b258adaf3d73c3ea9b4a1dc032

    SHA512

    07730d90507d5d8800da3361050e1fae0b62c093c6f5c214953adaaa2a8f5719e326656806d6759758f1904328214fa2b83981b1c4ed861e18e51984b378307e