1c371280ef5ddb832d5534e015869a5fe79a379649c64b69160533b81a219e46

Submit
Reports

Overview

overview

Static

static

AIR FORCE/...FP.pdf

windows7-x64

AIR FORCE/...FP.pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...T).pdf

windows7-x64

AIR FORCE/...T).pdf

windows10-2004-x64

AIR FORCE/... 1.pdf

windows7-x64

AIR FORCE/... 1.pdf

windows10-2004-x64

AIR FORCE/...22.pdf

windows7-x64

AIR FORCE/...22.pdf

windows10-2004-x64

AIR FORCE/...ce.pdf

windows7-x64

AIR FORCE/...ce.pdf

windows10-2004-x64

AIR FORCE/...02.pdf

windows7-x64

AIR FORCE/...02.pdf

windows10-2004-x64

AIR FORCE/...05.pdf

windows7-x64

AIR FORCE/...05.pdf

windows10-2004-x64

AIR FORCE/...1 .pdf

windows7-x64

AIR FORCE/...1 .pdf

windows10-2004-x64

AIR FORCE/...ed.pdf

windows7-x64

AIR FORCE/...ed.pdf

windows10-2004-x64

AIR FORCE/...19.pdf

windows7-x64

AIR FORCE/...19.pdf

windows10-2004-x64

AIR FORCE/...AL.pdf

windows7-x64

AIR FORCE/...AL.pdf

windows10-2004-x64

AIR FORCE/...17.pdf

windows7-x64

AIR FORCE/...17.pdf

windows10-2004-x64

AIR FORCE/...20.pdf

windows7-x64

AIR FORCE/...20.pdf

windows10-2004-x64

AIR FORCE/...ts.pdf

windows7-x64

AIR FORCE/...ts.pdf

windows10-2004-x64

AIR FORCE/...30.pdf

windows7-x64

AIR FORCE/...30.pdf

windows10-2004-x64

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 15:46

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf link

2 signatures

Behavioral task

behavioral1

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

AIR FORCE/3. TMQ53 CLS PWS-RFP.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

AIR FORCE/Attachment 0013g - D-IBCS-0471_Delta2_Suppl_PE_redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

AIR FORCE/Attachment_7_-_Compliance_and_Reference_Documents_(DRAFT).pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral7

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral9

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

AIR FORCE/Draft GRIM SOW 7 Nov 2022.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral11

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

AIR FORCE/FTUAS Applicable Documents for Reference.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral13

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

AIR FORCE/GEN-12-AMAM-02.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral16

Sample

AIR FORCE/HSIP_FY21_SOW_BusinessPoints_20210105.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral17

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral18

Sample

AIR FORCE/HYDRA PWS_Draft_RFI V1 .pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral19

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

AIR FORCE/LCMP-IDE_Follow-on_Exception_to_Fair_Opportunity_Justification_(004)_Redacted.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

AIR FORCE/PBL_PWS_-_DRAFT_02212019.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral23

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

AIR FORCE/PSIR-APC-01 Industry Day 4_21_2021 FINAL.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral25

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

AIR FORCE/Polaris_Draft_SOW_1_Jun_2017.pdf

Resource

win10v2004-20240426-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral27

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

AIR FORCE/RFI_FMI_11192020.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral29

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

AIR FORCE/Site Visit Sign In Sheets.pdf

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral31

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral32

Sample

AIR FORCE/VoICE Industry Day Presentation 20200930.pdf

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Report Analysis Logs

General

Target

AIR FORCE/DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf
Size

467KB
MD5

50153fceccba5ba913d3e2b4ac5307cf
SHA1

0117104d3711bbde72b1113642f17e5beb0cd130
SHA256

ad1cfd694764b133bd99502692d7a7ae80cf7ff14518e312304ec1b21ad9671a
SHA512

a587cf3ec68a2ae527bb0883a8eef96c18bd20c719551a405277bc6f4d6c50ccf0bf9e7abef792a442398206eca2128030d7afc60121bdf2bddeed40027dd96e
SSDEEP

12288:hiCYmLjV2CrpCuJRF9zFt+Xbnej8Ax7/OFN5c:SmLxTAiFcX7eIAx/ONe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2216	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2216	AcroRd32.exe
2216	AcroRd32.exe
2216	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AIR FORCE\DRAFT JNWC-IV-IDIQ Work Statement v. 1.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
de08c2869b401ab1d102d6786dc9f7ca

SHA1
dab933f488d7181a650c11d8991e041dbd939615

SHA256
c5c9123f4ddcb624db09429bc67562c3239a00863b947e6cdfab7c348c036afe

SHA512
5454a404ef10c1ac3b304027212fc2782b29a74fe26c5e4676d81832a2e0f11941858ba55600ec26c3ccbf85e1779516eb2ed46aa6b01109d0ea4254efdeb366

Download Submit