Overview
overview
10Static
static
4d9f0268cba...5f.iso
windows7-x64
3d9f0268cba...5f.iso
windows10-2004-x64
3out.iso
windows7-x64
1out.iso
windows10-2004-x64
1PANDUAN_PE...AS.lnk
windows7-x64
10PANDUAN_PE...AS.lnk
windows10-2004-x64
10PANDUAN_PE...AS.pdf
windows7-x64
3PANDUAN_PE...AS.pdf
windows10-2004-x64
3PANDUAN_PE...AS.ps1
windows7-x64
10PANDUAN_PE...AS.ps1
windows10-2004-x64
10controller.exe
windows7-x64
10controller.exe
windows10-2004-x64
10Analysis
-
max time kernel
122s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
07-09-2024 10:22
Behavioral task
behavioral1
Sample
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
d9f0268cbaa1ae45dfa755adab9dda2d8bdff3c8bf8a00d23bbc6894c28e225f.iso
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
out.iso
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
out.iso
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
PANDUAN_PENGGUNA_MyKHAS.lnk
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
PANDUAN_PENGGUNA_MyKHAS.lnk
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
PANDUAN_PENGGUNA_MyKHAS.pdf
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
PANDUAN_PENGGUNA_MyKHAS.pdf
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
PANDUAN_PENGGUNA_MyKHAS.ps1
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
PANDUAN_PENGGUNA_MyKHAS.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
controller.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
controller.exe
Resource
win10v2004-20240802-en
General
-
Target
PANDUAN_PENGGUNA_MyKHAS.pdf
-
Size
378KB
-
MD5
70588b0f7d0c41eaf361dec75814dee5
-
SHA1
ed9a1f824a751ed45ab974c7c7d918edc1854be0
-
SHA256
ccaab434da496d577632664aa7752dea2e66870b470fec7b44957425be4a6db3
-
SHA512
eaeeb28e2eb182b85b1d9ddbeaddd95414d087360c3258053e1560d21e396e39b81a9f6dc77f31aee0415d58f1ea6a02f79e4faf04d81726c35ac9fcf4fd5048
-
SSDEEP
6144:DlDpxoBOXnHBq4TkrZ/IUOF3pixCbkwrbw6Bi4eFZV7NkuM4dfgBhf6OXLKzZ:vxoBOXnHfTw/U3ExXsw6BS7Ni4taSO7O
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2088 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2088 AcroRd32.exe 2088 AcroRd32.exe 2088 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\PANDUAN_PENGGUNA_MyKHAS.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2088
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5c1ca469c5e0b201f4eca8ac767c1d9b7
SHA16450ea0765a19ebac4f685176caecdc92d12580f
SHA256299c783fc839a94c447b68af76e86b54565d4bba279577d857668b5fbf2e17d0
SHA512f9cd34e8bd708088b8d3327618cb06d390c8eea8ac32e5f68ad07a27ad697f69e6af45f09ab8e47560f656f49439fbf516da7b4ef5047b33bc2dbed597fbc2a3