Analysis
-
max time kernel
96s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
12-09-2024 08:59
Static task
static1
Behavioral task
behavioral1
Sample
名单助手I.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
名单助手I.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
说明.pdf
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
说明.pdf
Resource
win10v2004-20240802-en
General
-
Target
说明.pdf
-
Size
124KB
-
MD5
aa7d7c618d66d6cb4dc58c0844f91960
-
SHA1
3b82d40797afa9c57345c2fb6e52094676e06f22
-
SHA256
2e299fc0fed1497cce5551abc1894fd188a231fa87550c43f57475a6add4b866
-
SHA512
307675c9fe04901fafb662805374c8138468eaef48683b553ce5bd7e9f57bc18890e62509f880955e7f6a912cbec927fe2787d163b6c466bd5e4ac49409fa6c8
-
SSDEEP
3072:rsnN7QT3y55hTsTmFuIUYJqF2/3VlfcdZVey0FQZywLfN/2p2T0VDU:rs63S5hk4uIUYJq4f/cUy0Fasp2TM4
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1040 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1040 AcroRd32.exe 1040 AcroRd32.exe 1040 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\说明.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1040
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5b31e4eb878f585c286906f37a0fc8943
SHA16df41635a699052d04382267ba7d3003ec130004
SHA256a3d1b69fe0ff8f446a8ca72789f8c057bfbc50ca4e77f063a635874ba2144c75
SHA51223dfee855ae1b0daeab21f2a654f3f864421f73e8adb434e4b7a04eccac065ee37dadd27e62a5f6bd059067798e4da8c550daa96ef523faba50d31bda3493516