Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 02:15

General

  • Target

    ac7179f4680f56197b3dad6bc4dcc370N.pdf

  • Size

    89KB

  • MD5

    ac7179f4680f56197b3dad6bc4dcc370

  • SHA1

    e148d74112d875f670c8740899eb0b1a218f154e

  • SHA256

    afa26a1246b862c2c3624c21d9927da595337795057c9ea01dce158986be01cc

  • SHA512

    d25af31870be1aa61dfdbfe3cb129323627f75f53a34df7988516430df8da3b7fc79e79e3695476891e7eaa6a22a4ce259da7ab137597fa8a1bc3c8db5601413

  • SSDEEP

    1536:UPAE69U8vekB83f3bxRrlL/S5JjX342xSzSGQUZQ:G662TBsfdRrxq5JUASzSGFi

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ac7179f4680f56197b3dad6bc4dcc370N.pdf"
    1
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2452

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    d022b980ef160ba0c23f80caf89e506b

    SHA1

    fe62d5cdd9e03f49ecba98269f46ced0dda0d899

    SHA256

    6d78680a2e3a6ff366eae7ee5f48ed802a58705adab3472c3e0efa0b5471ace8

    SHA512

    8c18d962e73c8e5a74ee0a13a85bff07394b3180b8e70f43f4963cd1d21710c2f59247c37fbb64ea3347737fa471209ea71a2cb6aa2c309e7af2f2635dca5c6b

  • memory/2452-0-0x0000000003F70000-0x0000000003FE6000-memory.dmp

    Filesize

    472KB
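Before acting on a report like this, a practitioner will usually re-verify the listed file hashes against the sample actually in hand, and sanity-check the dropped-artifact metadata (for example that the memory-dump address range really is 472KB). The Python below is an added example, not part of the sandbox's output or tooling: it embeds the digests from the General section above, recomputes MD5/SHA1/SHA256/SHA512 over a file's bytes with the standard library, and parses the `memory/<pid>-<index>-<start>-<end>-memory.dmp` naming shown in the Downloads section to derive the region size. SSDEEP is deliberately left out because it needs a third-party library. The `verify_file` helper and the report-hash constant name are this example's own; the sample itself is not available here, so the stand-alone run uses a constructed placeholder payload.

```python
import hashlib
import re

# Digests listed for ac7179f4680f56197b3dad6bc4dcc370N.pdf in the report above.
REPORT_HASHES = {
    "md5": "ac7179f4680f56197b3dad6bc4dcc370",
    "sha1": "e148d74112d875f670c8740899eb0b1a218f154e",
    "sha256": "afa26a1246b862c2c3624c21d9927da595337795057c9ea01dce158986be01cc",
    "sha512": (
        "d25af31870be1aa61dfdbfe3cb129323627f75f53a34df7988516430df8da3b7"
        "fc79e79e3695476891e7eaa6a22a4ce259da7ab137597fa8a1bc3c8db5601413"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Return hex digests for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify_sample(data: bytes, expected: dict) -> dict:
    """Compare computed digests with the report's values.

    Returns {algorithm: bool}. Every algorithm must match; a partial match
    means you are looking at a different file (or a tampered report).
    """
    actual = compute_hashes(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def verify_file(path: str, expected: dict = REPORT_HASHES) -> bool:
    """Hash a file on disk and return True only if all listed digests match."""
    with open(path, "rb") as fh:
        return all(verify_sample(fh.read(), expected).values())


# Naming used by the sandbox for dumped regions: memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp
MEMDUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def memdump_region(name: str) -> dict:
    """Parse a memory-dump artifact name into PID, address range and size."""
    m = MEMDUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory-dump artifact name: {name!r}")
    start = int(m.group("start"), 16)
    end = int(m.group("end"), 16)
    if end <= start:
        raise ValueError("end address must be above start address")
    size = end - start
    return {
        "pid": int(m.group("pid")),
        "index": int(m.group("idx")),
        "start": start,
        "end": end,
        "size_bytes": size,
        "size_kb": size // 1024,
    }


if __name__ == "__main__":
    # Constructed placeholder: the real sample is not embedded here, so this
    # run demonstrates a mismatch rather than a successful verification.
    placeholder = b"%PDF-1.4\n%placeholder, not the analysed sample\n"
    for alg, ok in verify_sample(placeholder, REPORT_HASHES).items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}")

    region = memdump_region("memory/2452-0-0x0000000003F70000-0x0000000003FE6000-memory.dmp")
    print(f"PID {region['pid']}: {region['start']:#x}-{region['end']:#x} = {region['size_kb']}KB")
```

Run it as `python verify_report.py` for the constructed demo, or call `verify_file("ac7179f4680f56197b3dad6bc4dcc370N.pdf")` against the sample once you have it. The region parser returns 472KB for the dumped AcroRd32.exe range, agreeing with the Filesize reported for the artifact.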