1c371280ef5ddb832d5534e015869a5fe79a379649c64b69160533b81a219e46

Submit
Reports

Overview

overview

Static

static

AIR FORCE/...FP.pdf

windows7-x64

AIR FORCE/...FP.pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...T).pdf

windows7-x64

AIR FORCE/...T).pdf

windows10-2004-x64

AIR FORCE/... 1.pdf

windows7-x64

AIR FORCE/... 1.pdf

windows10-2004-x64

AIR FORCE/...22.pdf

windows7-x64

AIR FORCE/...22.pdf

windows10-2004-x64

AIR FORCE/...ce.pdf

windows7-x64

AIR FORCE/...ce.pdf

windows10-2004-x64

AIR FORCE/...02.pdf

windows7-x64

AIR FORCE/...02.pdf

windows10-2004-x64

AIR FORCE/...05.pdf

windows7-x64

AIR FORCE/...05.pdf

windows10-2004-x64

AIR FORCE/...1 .pdf

windows7-x64

AIR FORCE/...1 .pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...19.pdf

windows7-x64

AIR FORCE/...19.pdf

windows10-2004-x64

AIR FORCE/...AL.pdf

windows7-x64

AIR FORCE/...AL.pdf

windows10-2004-x64

AIR FORCE/...17.pdf

windows7-x64

AIR FORCE/...17.pdf

windows10-2004-x64

AIR FORCE/...20.pdf

windows7-x64

AIR FORCE/...20.pdf

windows10-2004-x64

AIR FORCE/...ts.pdf

windows7-x64

AIR FORCE/...ts.pdf

windows10-2004-x64

AIR FORCE/...30.pdf

windows7-x64

AIR FORCE/...30.pdf

windows10-2004-x64

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 15:46

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf link

2 signatures

Behavioral task

behavioral1

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral13

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral17

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral19

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral23

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral25

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral27

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral29

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral31

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Report Analysis Logs

General

Target

AIR FORCE/RFI_FMI_11192020.pdf
Size

417KB
MD5

8aef27720b4e740ead011f2624f2d0fc
SHA1

cc065d3afa119ad22ba28179a07f9614f5e93b80
SHA256

7615460c18ef1cea24ebab898798d77dc68d5e898901d6472d1a7c996d0edb34
SHA512

1c514094f8529b6437e7b11c2cb39063913232e820fa11667765740f275e906727b73bf170a4edf5589ef33e325de0984fdddd21e2bd54b6e6969e5bbb0e1398
SSDEEP

6144:Aee+M7cnlrFZf0egF22XOKXByt5m4+XZzVb2r1CuTEsDdGrtYliDkLCpdO4GDcj:Avkl3f0eEKKIm4+pZshgf2liDkLnnDm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1964	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1964	AcroRd32.exe
1964	AcroRd32.exe
1964	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIR FORCE\RFI_FMI_11192020.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
872578ca016162218892f4cb5304ce35

SHA1
0ba9a33d034365dbd19730ff7c207e253b90183d

SHA256
96bca604e5345c38b677ac462687fcb6762cdc55aa7629a09cb4f45af9f3019f

SHA512
bf1ca8a572e9eead728ce95409ea6c309ec51eb12f989012bee6f0c0dba35677ac7f9d6bb7fecf08ca5ac96a308cb66092f0052ce66867be5cf8f080294f08ba

Download Submit