Analysis
max time kernel: 127s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 12/06/2024, 23:05
Static task: static1
Behavioral task: behavioral1
  Sample: malwa1.pdf
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: malwa1.pdf
  Resource: win10v2004-20240508-en
General
Target: malwa1.pdf
Size: 47KB
MD5: a5852fc71a865e1fc71bebb000ee9a14
SHA1: a6ce210b4b1b24c62315633dfd3ad62623f02b16
SHA256: bdb1bac9b73b9e2bd041441507d7c2a889299d7e455fac772cc7aea68e02a79f
SHA512: ab9341c20a3e9a001aef88160dae446f4beff106ec54668d145f6397ed440dd429207e779918c543fc4397eb72e2fff82912c5ad6ec52d3fccc1ce5b86011249
SSDEEP: 768:7Ye339eSZgQOPLEtiAMXWo1NUexmJhcq4xVFCc3E1oGahz7p:t3NlOQqQwWONUexGiq4xX0aGahfp
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid 788, process AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid 788, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 788, process AcroRd32.exe (x4)
Processes
Process: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\malwa1.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID: 788
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 3KB
MD5: 4c7f402c0aa3e7a7fbe840b6e2f72ba0
SHA1: c561905ff074eef2ac7ba4e5fdcda0b7dc8e51e7
SHA256: 6c56edf51212e25e6cbe675dd08cb434de8101dd342c93e91eb8c073eb3db433
SHA512: 97d16c938aa8981a8079ce4f2780534e71104149b6693b3b0d876c66a6ca5c9457e320da51d38baecf87c23e4b02bd10b86492f2a2484766eefadbbc362752ff