Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-08-2024 23:13

General

  • Target

    W-8BEN-E Entities.pdf

  • Size

    307KB

  • MD5

    e6131315346a213ee805a4f8ed881770

  • SHA1

    483153589d2dfa11fd4ca1c314cb8ba57dfc2986

  • SHA256

    d67fc5abae5af11df5d6168a60f7a7e7f27044efa63f660cb76c0e47a241ef6e

  • SHA512

    3acd63de95e25384332939353593bf44fe7bb6e3fed9e2abb3262cc9cf426845069311e321c22cdeaa497a3c5c896932818895ee76e261a9c298912c018fcf67

  • SSDEEP

    3072:HoCqxzVjAIZVa8t8Qfk6V61eK4Ib4Z63n1qsmqU+BIjzrYbqvGKjgh96AXTdz:bszVjAAainfkmfLXkGvFjgD6mTN

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\W-8BEN-E Entities.pdf"
    1
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Security\addressbook.acrodata

    Filesize

    5KB

    MD5

    4618312ec50b52c81043bb6ff393cfc3

    SHA1

    80537497d939529b34de993b14d96510068bf075

    SHA256

    e8e27396e2a043abd283eed4fd5b8fa256cc22e741defd522158fc9e29205839

    SHA512

    fc589a974f35ee83c297784c7d7cc62826854422ceec2d5ff46aa6575f5b2bade27d26c1dfc0686602c81e5c14f75f7abd23e6c19fd90a2dbe70e0f5c09251e9

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    b4e4aac95784ab6a9c87a11ebe65b43a

    SHA1

    066b6ca3c17379e9b6ba73223e38c3413c206830

    SHA256

    3be6a72bccd7347f11eb481fc1e3ee7d14443b0a893e456bca91ba2ae0df25fa

    SHA512

    553639b1694f5aa2f38579df1f9031f082c3998f72a7f09e7ed0312a9ebbc53912f5ec9d21da3bb4ece9b9a9cecefd4c35ecc80291e09a853dd82a3830645123

  • memory/1976-0-0x0000000003CE0000-0x0000000003D56000-memory.dmp

    Filesize

    472KB