Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-06-2024 15:27

General

  • Target

    setup (SLINKY).exe

  • Size

    687KB

  • MD5

    5bfdbb28cc7fed82bf415edac9c9eb83

  • SHA1

    c04b108edbb95b75dc1496bed342b937f37fa17a

  • SHA256

    12affb37160cf0bb5fe284c7f65ddeea23a788f4d35fbf158a4877c99640e8c3

  • SHA512

    ff52df5c58fbee9dd555f373bb1a4b520e36f6a76e1b6ed345015cbd0adf1a3927dd79afe1b92e76b439d1221865b72a34a9023fad3c0c1f849e6a90e4352ae3

  • SSDEEP

    12288:XeamasPpcOQZTOK7AXIfaNpcAlZwKXKCzNCFQpZGtK8HtDdoA/LQXvU7gkXeNV:uamasBcVOK75JKo0EtFHt+yQXvU7ze

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
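The first signature fires on URI actions inside the dropped PDF's interactive objects (link annotations, OpenAction and similar). The following scanner is an added example, not code from the sandbox or from the sample above, showing how such a check can be done on raw bytes without a PDF library. It also inflates FlateDecode streams so that a link tucked into a compressed object stream is not missed, and it handles the escaped-literal and hex-string encodings of the /URI value. The two sample PDFs and the example.invalid hostnames are constructed for this example; they are not the Slinky.pdf from this report.

```python
"""Scan a PDF for /URI actions (the links behind the "HTTP links in PDF
interactive object" signature). Added example; constructed samples only."""
import re
import zlib
from urllib.parse import urlsplit

# /URI value as a literal string "(...)" (backslash escapes allowed) or hex "<...>"
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
# body of any stream object; "(?<!end)" stops "endstream" from opening a match
STREAM_BODY = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)

_SIMPLE_ESCAPES = {0x6E: 0x0A, 0x72: 0x0D, 0x74: 0x09, 0x62: 0x08, 0x66: 0x0C}


def _unescape_literal(raw: bytes) -> bytes:
    """Undo PDF literal-string escapes: \\( \\) \\\\ \\n ... and octal \\ddd."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] != 0x5C or i + 1 >= len(raw):  # not a backslash
            out.append(raw[i])
            i += 1
            continue
        nxt = raw[i + 1]
        if 0x30 <= nxt <= 0x37:  # up to three octal digits
            j = i + 1
            while j < len(raw) and j < i + 4 and 0x30 <= raw[j] <= 0x37:
                j += 1
            out.append(int(raw[i + 1:j], 8) & 0xFF)
            i = j
        else:
            out.append(_SIMPLE_ESCAPES.get(nxt, nxt))
            i += 2
    return bytes(out)


def _inflated_streams(pdf: bytes):
    """Yield the body of every stream that inflates cleanly; streams that are
    not Flate-compressed raise zlib.error and are skipped (best effort)."""
    for m in STREAM_BODY.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def find_uri_actions(pdf: bytes) -> list:
    """All /URI targets in the file proper and in its inflated streams."""
    found = []
    for chunk in [pdf, *_inflated_streams(pdf)]:
        for m in URI_LITERAL.finditer(chunk):
            found.append(_unescape_literal(m.group(1)).decode("latin-1"))
        for m in URI_HEX.finditer(chunk):
            digits = re.sub(rb"\s", b"", m.group(1)).decode("ascii")
            if len(digits) % 2:          # odd digit count: spec says pad with 0
                digits += "0"
            found.append(bytes.fromhex(digits).decode("latin-1"))
    return found


def http_links(pdf: bytes) -> list:
    """Only http/https targets; mailto:, file:, javascript: need other checks."""
    return [u for u in find_uri_actions(pdf) if urlsplit(u).scheme in ("http", "https")]


# Constructed sample 1: uncompressed objects with an OpenAction and four Link
# annotations (plain, octal-escaped, mailto:, hex-encoded).
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction << /S /URI /URI (http://example.invalid/open) >> >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R 6 0 R 7 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI (http://example.invalid/click) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 670 300 690] /A << /S /URI /URI (http://example.invalid/\\157ctal) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [72 640 300 660] /A << /S /URI /URI (mailto:reader@example.invalid) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /Rect [72 610 300 630] /A << /URI <687474703a2f2f6578616d706c652e696e76616c69642f686578> /S /URI >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed sample 2: the annotation lives only inside a FlateDecode object
# stream, so a plain grep of the file would not see it.
_HIDDEN_OBJ = (b"7 0 << /Type /Annot /Subtype /Link /A << /S /URI "
               b"/URI (https://example.invalid/hidden) >> >>")
_Z = zlib.compress(_HIDDEN_OBJ)
COMPRESSED_PDF = (
    b"%PDF-1.5\n8 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
    + str(len(_Z)).encode() + b" >>\nstream\n" + _Z + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PDF), ("objstm", COMPRESSED_PDF)):
        print(name, http_links(blob))
```

Regex-over-bytes is a triage heuristic, not a parser: it will not follow indirect references, decode non-Flate filters, or resolve a /URI whose value is stored as a separate string object. Treat a hit as a reason to open the file in a real PDF parser, and treat a miss on a heavily filtered or encrypted file as inconclusive.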

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup (SLINKY).exe
    "C:\Users\Admin\AppData\Local\Temp\setup (SLINKY).exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Slinky.pdf"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2260

Network

MITRE ATT&CK Matrix (ATT&CK v13)


Downloads

  • C:\Users\Admin\AppData\Local\Temp\Slinky.pdf
    Filesize

    285KB

    MD5

    8a651d3c642d4da38c54124b8a045804

    SHA1

    8006c155846f5a7a422a84eebd4ac175fc895da5

    SHA256

    ce7e7f6efec617fd75d599ec48a2a162cf2f520dd982d168c6caf596a74567bb

    SHA512

    6a9a40511b8cf13a0f8c147c0cd503bb1584a6178cbeb91a58b6ae1f28ce9fb54f396fd0faeb7cd2c0d369fe349c4e54c27c32252f40092f0391e63fd68ac62b

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    e7d1df4c69b79e9a092b6a6106e86b37

    SHA1

    b47b763f4dce911a90983da9cf99d195aae22b70

    SHA256

    bbb88ad539c5b5c0db23178dbdcc7ba42c848ba498dca82d11cfc162863c25c7

    SHA512

    b1c8a5977fc64a7a753f3aa9b6b657eb00b42c8cef93e08278e84831121e9b5681af4f4c5032532119ef0b1915658eb5560d738b943a8f3cce25613d561135e3

  • memory/2428-0-0x000000013FD60000-0x000000013FEE1000-memory.dmp
    Filesize

    1.5MB

  • memory/2428-20-0x000000013FD60000-0x000000013FEE1000-memory.dmp
    Filesize

    1.5MB