Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
30-06-2024 15:32
Behavioral task
behavioral1
Sample
Booking.com Taormina casa del sole 2024-09-08.-10.pdf
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
Booking.com Taormina casa del sole 2024-09-08.-10.pdf
Resource
win10v2004-20240508-en
General
-
Target
Booking.com Taormina casa del sole 2024-09-08.-10.pdf
-
Size
210KB
-
MD5
924518d5c37acd602c4b706647a93d6d
-
SHA1
89abd16eaa2be48d18c6db383ccda71eeca8e497
-
SHA256
c19deb03b79cf032b529dd18187a857f8268e36a82813a30649a135ef0bf8047
-
SHA512
66027d9b1eca3e4f214c0129f4edb0299e065bcdb80beed24d6efda52ad96d9ab5c6f549f48749c39e21fea9d4a163182b843117bb372b66dca16340118a31ef
-
SSDEEP
6144:aARQabjFxX1mE8M6EZMSyeFUreZu1+bMA:aGQkDgEb1MSyFreEUv
Malware Config
Signatures
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
AcroRd32.exepid process 1988 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
AcroRd32.exepid process 1988 AcroRd32.exe 1988 AcroRd32.exe 1988 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Booking.com Taormina casa del sole 2024-09-08.-10.pdf"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD520406aa9d292cd1a642966c3a79509f2
SHA1770c216bb9c1a491588e21f1fa88b4e0e5ee94c1
SHA2569627147b625c2b04963ab4622ae90e93870f6bc68f6ba017975bda010b2d71c1
SHA5124b9ec93d41f412f4c6e6e194b9e0822460675e9cb27a4c08fedb89b4bc679708b65d4821aebf997308231f0f357a11c99492a985f2f8b5ad55e2eb6c46339a00