Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
01-08-2024 20:49
General
-
Target
MicrosoftIRMServices Protected PDF.pdf
-
Size
179KB
-
MD5
cd0211db9c79d245873ddc4577fab5ad
-
SHA1
1901f1d3e4077bcc98a867f43579091b6d7f1e78
-
SHA256
6dde899c1b0038a7c8a68472289f6089071beadb0221658ce798c408d119481e
-
SHA512
448a2e2f0c1f5ab595cde7f4ecbae59a92f37a6f712af612ffdbfd2b793ad2513beef0aa6a02e423f388d1b55a776b609365be31b08a31aef01cfd75fe3375c0
-
SSDEEP
3072:8qHMk2HPMsjjVOjVQ8sqNnDKUAD3fEV2ZchFHoAurvbkcIXmceJKel7XPcIo:8qHbiPMsP6PxDKlDPEV2wFbur4cIXgF6
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\MicrosoftIRMServices Protected PDF.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56d1c93add5973b14eb8acd692ecbdd52
SHA15304a7d78db069aee68f03f473fe5acd836b8803
SHA2568e98dfbc350716dcb7ea12e2f312ce27944be9f57cf60fc3fb89c60d4b8ba781
SHA5121396cee464d5db5cca60c08fd3e5394b135c0f46d353853140639f1f686a1b69bb1b4541164bf48f822296c2093674a6020ac7abf75baebb0acfe9c6e1193d67