Analysis
max time kernel: 117s
max time network: 117s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 01-09-2024 04:53
Behavioral task: behavioral1
Sample: 33913b74c1b33f5587db729631c98aed100b6f94a8330afa21facbf863c8e1d2.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 33913b74c1b33f5587db729631c98aed100b6f94a8330afa21facbf863c8e1d2.pdf
Resource: win10v2004-20240802-en
General
Target: 33913b74c1b33f5587db729631c98aed100b6f94a8330afa21facbf863c8e1d2.pdf
Size: 48KB
MD5: a148d6445634f1239d55eb04bc172ef7
SHA1: de9304cc032b16c9edfe1be110f9d9cc952fb5b7
SHA256: 33913b74c1b33f5587db729631c98aed100b6f94a8330afa21facbf863c8e1d2
SHA512: 16aedc203084f101f034f62d68278096988ba67fd15021450206d41b96eac38a77bd42bde71a5125a7cb11c082bbf41644a91e270cffea1c774b94fc51fde67d
SSDEEP: 768:rhfJvzfmXR2+09EdIfix9rymePCPVe9+Gfj8hu1bLxy/2sBHcwpW:rLz+bzdvx9emFNW+Gr8hu1b9GH1W
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
2344 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
2344 | AcroRd32.exe
2344 | AcroRd32.exe
2344 | AcroRd32.exe
2344 | AcroRd32.exe
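The three signatures above are generic behaviour checks, not sample-specific detections: a registry open on the NLS\Language key (ATT&CK T1614.001, System Language Discovery), a high count of GetForegroundWindow calls, and any SetWindowsHookEx call. All three also fire on ordinary locale lookups and UI hooking by a document viewer, so on their own they carry little weight for a PDF opened in AcroRd32.exe; what would matter is spawned processes, network traffic or dropped executables, and this report's Network section is empty. The block below is an added example, not the sandbox's own signature code: it re-implements the three checks over a constructed API trace shaped like the run above (pid 2344, AcroRd32.exe). The event format, the API name sets, the ControlSet-folding rule and the spam threshold of 100 calls are this example's assumptions; the sandbox's real cutoffs are not on the page.

```python
import re
from collections import Counter
from typing import Dict, List

# ATT&CK sub-technique behind the report's "System Language Discovery" signature.
ATTACK_ID = "T1614.001"

# Canonical form of the IoC key after normalize_key(); "###" stands in for the
# ControlSet number so ControlSet001 and CurrentControlSet compare equal.
LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\CONTROLSET###\CONTROL\NLS\LANGUAGE"

# Assumed threshold for the GetForegroundWindowSpam check (the page states none).
FOREGROUND_SPAM_THRESHOLD = 100

REG_OPEN_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "NtOpenKey", "NtOpenKeyEx"}
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW"}


def normalize_key(path: str) -> str:
    """Fold the spellings of one registry key: HKLM / HKEY_LOCAL_MACHINE
    prefixes to the native \\REGISTRY\\MACHINE form, any ControlSetNNN or
    CurrentControlSet to a placeholder, and mixed case to upper case."""
    p = path.strip().upper()
    for prefix in ("HKLM\\", "HKEY_LOCAL_MACHINE\\"):
        if p.startswith(prefix):
            p = "\\REGISTRY\\MACHINE\\" + p[len(prefix):]
    p = re.sub(r"\\CONTROLSET\d{3}\\", lambda m: "\\CONTROLSET###\\", p)
    p = p.replace("\\CURRENTCONTROLSET\\", "\\CONTROLSET###\\")
    return p


def evaluate(trace: List[dict]) -> Dict[str, List[dict]]:
    """Run the three report signatures over a list of API events.
    Each event is a dict with pid, process, api and optional key / idHook."""
    hits: Dict[str, List[dict]] = {
        "System Language Discovery": [],
        "GetForegroundWindowSpam": [],
        "SetWindowsHookEx": [],
    }
    foreground_calls: Counter = Counter()
    process_names: Dict[int, str] = {}

    for ev in trace:
        process_names[ev["pid"]] = ev["process"]
        api = ev["api"]
        if api in REG_OPEN_APIS and normalize_key(ev.get("key", "")) == LANGUAGE_KEY:
            # One IoC per key open, mirroring the report's "Key opened" row.
            hits["System Language Discovery"].append(
                {"ioc": ev["key"], "process": ev["process"], "pid": ev["pid"], "ttp": ATTACK_ID})
        elif api == "GetForegroundWindow":
            foreground_calls[ev["pid"]] += 1
        elif api in HOOK_APIS:
            # One IoC per call, which is why the report lists pid 2344 four times.
            hits["SetWindowsHookEx"].append(
                {"pid": ev["pid"], "process": ev["process"], "idHook": ev.get("idHook")})

    for pid, count in foreground_calls.items():
        if count >= FOREGROUND_SPAM_THRESHOLD:
            hits["GetForegroundWindowSpam"].append(
                {"pid": pid, "process": process_names[pid], "calls": count})
    return hits


def constructed_trace() -> List[dict]:
    """Constructed sample trace (not sandbox output) shaped like the run above,
    plus a benign explorer.exe process that should trigger nothing."""
    acro = {"pid": 2344, "process": "AcroRd32.exe"}
    expl = {"pid": 1200, "process": "explorer.exe"}
    trace = [
        {**acro, "api": "NtOpenKey",
         "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
        {**expl, "api": "RegOpenKeyExW",
         "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"},
    ]
    # WH_KEYBOARD=2, WH_GETMESSAGE=3, WH_CALLWNDPROC=4, WH_CBT=5
    trace += [{**acro, "api": "SetWindowsHookExW", "idHook": h} for h in (2, 3, 4, 5)]
    trace += [{**acro, "api": "GetForegroundWindow"}] * 150
    trace += [{**expl, "api": "GetForegroundWindow"}] * 3
    return trace


if __name__ == "__main__":
    for name, iocs in evaluate(constructed_trace()).items():
        print(f"{name}: {len(iocs)} IoCs")
        for ioc in iocs:
            print("   ", ioc)
```

The key normalisation is the part worth carrying into real detection content: the sandbox reports the native path with ControlSet001, while Sysmon and most EDR telemetry log HKLM\SYSTEM\CurrentControlSet\..., and a rule written against only one spelling misses the other.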
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\33913b74c1b33f5587db729631c98aed100b6f94a8330afa21facbf863c8e1d2.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2344
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: a0ba601196797a48db6ac68095478692
SHA1: e0b4ac3e686f1af08e0b70831f0ddc92ae275291
SHA256: 9eb388728762d141eaf530ce8dcc85f47fbb252c8574d810c463c8ae397e1bb8
SHA512: 3751db4c416d3fa401a2071e0c06cfa28d7d8d839b73cf2d70f05e1a4b081a78973eb97c751da9d102fbdabd965ec1e0c06acb84795b1a59175a7dc6cff3d10f