Analysis
- max time kernel: 94s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 07/08/2024, 01:32
Behavioral task: behavioral1
- Sample: 40df8d2f3e3c3364f4ed6afb5bca3750N.pdf
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 40df8d2f3e3c3364f4ed6afb5bca3750N.pdf
- Resource: win10v2004-20240802-en
General
- Target: 40df8d2f3e3c3364f4ed6afb5bca3750N.pdf
- Size: 154KB
- MD5: 40df8d2f3e3c3364f4ed6afb5bca3750
- SHA1: 3b881a846a0c7a8e0ed210e43772599d7c1512c9
- SHA256: 8d17d2572b2bc77ea298ce7696efaf241bc70f0ef902b4b5b4e85191ac73bc0f
- SHA512: b47fe4765695abae45f542a6992788f6bb87ea5e1d105145c7ee14539d5e0b09e00491b740cfdf4365811780cec389bc8b7b9c3ae590b1651e093086d3d2f300
- SSDEEP: 3072:/+i56CLq0bahjnvBmH7mJjZmfRkQ+oZtzD+avk/4pq6EpGIYQ:/+XsKjnvB+mif+no7D+ak
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid: 2400; process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 2400; process: AcroRd32.exe
  pid: 2400; process: AcroRd32.exe
  pid: 2400; process: AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\40df8d2f3e3c3364f4ed6afb5bca3750N.pdf"
  PID: 2400
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 2d2fa3bed60d45eb1e75cf19505dfab2
  SHA1: 750edf977a6409c369f88fe135647be942c93eb1
  SHA256: 59c53e5285d27b131b8d843201d048a54608f31acab23722afc2bde1309f9ac8
  SHA512: 463cded6f49f65708f7580d126526a419fde51bfa82903b94f2a12cde82528f9276434d4b2f19a51b6fc4cb51ad898a3852737e256217c8182d03f7f53a2cddc