Analysis
max time kernel: 95s
max time network: 20s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 27-07-2024 01:53
Behavioral task: behavioral1
Sample: 7d6b0118f9a68e572ec6907f0692db80N.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 7d6b0118f9a68e572ec6907f0692db80N.pdf
Resource: win10v2004-20240704-en
General
Target: 7d6b0118f9a68e572ec6907f0692db80N.pdf
Size: 166KB
MD5: 7d6b0118f9a68e572ec6907f0692db80
SHA1: 821d7cfef4e4ddb47760b5be7283d66c290d6b9e
SHA256: 9aaee7e10ea67525bc696d705064a7ced53166296f20c37cb771a6410ddd38df
SHA512: a12c2c7c839bbd2f28a890f5e9c4171f350dcbf09396d0a4145f8a8675967159d23379386ce6d4fb5d0596b4c7a7d6251cf63e07d5d82cc9617b457a197e538e
SSDEEP: 3072:/jpa5jHXVrrloWqxtiBxz9zr4NfJPozocZEl+kBkPYmlW3eOQmEbyD0+P:/jQFHDoHxwxz54PozocKnBkPYmlWuOXx
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
Processes:
AcroRd32.exe | description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
pid 2432 AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
Processes:
pid 2432 AcroRd32.exe (3 hits)
Processes
1. C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
   Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7d6b0118f9a68e572ec6907f0692db80N.pdf"
   Signatures: System Location Discovery: System Language Discovery; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
All three signatures fire on the viewer process (pid 2432) that opened the sample; no child process is recorded in the tree.
Network (no entries listed)
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
Filesize: 3KB
MD5: dfeb32314ca651ce1fdc90973d201dcb
SHA1: 68a6a230ad737235ca6fdd3a16c1d52ac0121fcc
SHA256: bdc496c7a7cb6b96651b09599fc75b21541a69fee6a08253afd7a38315702103
SHA512: 3ee02d6ec3bc9d4d876c15a8601d0e0e33cfc747b73e7f4f064adc7526196f09d4bbb3299b7f264a67171ead0af377bcc7b2069e019443759394dc1dd866b673