Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
21/09/2024, 06:48
Static task
static1
Behavioral task
behavioral1
Sample
3b3b614b140fa76ef3668ed9112b06cc6f064be97c643904f297f5c92b529d75N.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3b3b614b140fa76ef3668ed9112b06cc6f064be97c643904f297f5c92b529d75N.pdf
Resource
win10v2004-20240802-en
General
-
Target
3b3b614b140fa76ef3668ed9112b06cc6f064be97c643904f297f5c92b529d75N.pdf
-
Size
433KB
-
MD5
64dcd185bc6e2eff816cfd644ba239c0
-
SHA1
349d6567b49402a4a7ccd336116e1b19661b0945
-
SHA256
3b3b614b140fa76ef3668ed9112b06cc6f064be97c643904f297f5c92b529d75
-
SHA512
0511a3d22c7502e9b89553e8a12af635658c48c2e02127078574285ec1b267c8cc2573a837fad28a00ab4a01973a25984df58f714c346d17092e8ea85834c011
-
SSDEEP
6144:VVf8jDh23wHZ6maQD8n3oEl52VomY41nsDPnSbYv7B4PAQy2SWQ8CPuzf:Vl8jDaaZz8n3cYWnsDfSbYF4Y1Fl8Cs
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1684 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1684 AcroRd32.exe 1684 AcroRd32.exe 1684 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3b3b614b140fa76ef3668ed9112b06cc6f064be97c643904f297f5c92b529d75N.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1684
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD537a5c954ff4fc3fa1f8e02a8742a08dc
SHA13cdde1fc5332cf51d2fae24a9acb5d0a177c1f61
SHA25664e46b931c08a72aea500aee07092c614d3e073a5366dfda7c7385c0bc71bb0c
SHA512e562ae9486ccde6fe89300aa938ea70a6b2da7d750f6c9dd6b8ab27dfbbd60deff9d579eb81634e7b1453e5c34b5429e1ba878afe2d4cf5288a3c5a103652183