Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system -
submitted
05-09-2024 09:27
Behavioral task
behavioral1
Sample
d632c1bb0cccba5d09980b7324ffb3f0N.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d632c1bb0cccba5d09980b7324ffb3f0N.pdf
Resource
win10v2004-20240802-en
General
-
Target
d632c1bb0cccba5d09980b7324ffb3f0N.pdf
-
Size
75KB
-
MD5
d632c1bb0cccba5d09980b7324ffb3f0
-
SHA1
c1c004b88e99e7b19650c86dcabaa258053391e2
-
SHA256
2497db26cd50aab3854ff306e0e3359b36116eed55fd5c3b5010c5717d8b88c9
-
SHA512
3b6b86b47f703f384e2aadaef9d4f9ed7e81ce487ad9cb63ce3f25c49954d4e4ce1175da93a1ce038a76c5794154c7ea67ef397ddd20432d14581fc8a1982688
-
SSDEEP
1536:mdqGVLo8t4ROtfLm9TnOXCgDF2222Wi8KO7xh4W2Mj:mdqGVktAtyOyusi8KO7xh/26
Malware Config
Signatures
-
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host. In this run the key was opened by the viewer process itself; Adobe Reader reads the NLS locale keys during its own startup, so this hit on its own does not show the PDF content driving the behaviour.
description    ioc                                                           Process
Key opened     \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   AcroRd32.exe
-
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid    Process
2280   AcroRd32.exe
-
Suspicious use of SetWindowsHookEx (4 IoCs)
pid    Process
2280   AcroRd32.exe
2280   AcroRd32.exe
2280   AcroRd32.exe
2280   AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d632c1bb0cccba5d09980b7324ffb3f0N.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2280
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3KB
-
MD5
04fdd594e48c1f63b7205de7882c8740
-
SHA1
b518e249892c02222036ba139cae677a7f09feea
-
SHA256
1714acbb1b4146449fb72368f5ea209de88444bd1db5834d4d3f56356c700e1e
-
SHA512
aab6cf76cc449fbe504bb6904715c55227c64ec503ce357f4358c2722d9877486e77a23ca70b6226cf7421c10c5be243b3cb36b1afaf1870f7a5980477b0256f