Analysis
max time kernel: 90s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 03-10-2024 12:14
Behavioral task: behavioral1
Sample: 3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aaN.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aaN.pdf
Resource: win10v2004-20240802-en
General
Target: 3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aaN.pdf
Size: 603KB
MD5: 10764048be68ad698120a5e9999f49c0
SHA1: 4a540080844a5de1e297ffefb796f1e4d9cb7a85
SHA256: 3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aa
SHA512: d94f30a16b4a73a56f8315e210f94a61401052b54430946d5bdf9c07117f25c3297b2515af3272ebcc3fab45e8ba5705d5d3ebf3fe4636eefff479813490707e
SSDEEP: 12288:ygt9PAvv+le6cqAXnkWyTvz+29I3KqgyPtiagxakR6FbxnT/8CQx:xU9qUQ35RxNIfbK
Malware Config: none
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
    description: Key opened
    ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
    process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid 2440, process AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
    pid 2440, process AcroRd32.exe (4 occurrences)
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aaN.pdf"
    PID: 2440
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
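Every signature in this report is attributed to the single reader process (PID 2440), and the process tree shows no child of AcroRd32.exe. A PDF viewer reading HKLM\SYSTEM\...\Control\NLS\Language at startup, polling the foreground window and installing window hooks is ordinary GUI-application behaviour, so these hits say little on their own; what would change the picture is the reader spawning a shell or script host. The helper below is an added example, not code from the sandbox or this report. It re-encodes the report's registry IoC and process entry as event dictionaries (the event schema is an assumption, not the sandbox's export format), normalizes the NT-style registry path, maps the locale read to ATT&CK T1614.001, down-weights it when the reader is a known document viewer, and escalates only when a viewer spawns a LOLBin child. The second event set adds a constructed cmd.exe child to show the escalation path; the report itself contains no such event.

```python
"""Triage helper for sandbox signatures of the kind shown in this report.

Added example; event lines are reconstructed from the report's Signatures and
Processes tables plus one constructed escalation case.  The dict schema is an
assumption, not the sandbox's native export.
"""
import re
from dataclasses import dataclass

# The sandbox reports registry paths in NT object-manager form.
HIVE_MAP = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}

# Reads of this key are reported as System Language Discovery (ATT&CK T1614.001).
# ControlSet001 and CurrentControlSet normally refer to the same data.
LANGUAGE_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Control\\NLS\\Language$",
    re.IGNORECASE,
)

# Document viewers that read the locale on startup (assumption: illustrative
# baseline, extend from your own environment).
EXPECTED_LOCALE_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}

# Children of a document viewer that warrant escalation (assumption: typical
# triage list, not taken from the report).
LOLBIN_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe"}

SEVERITY_RANK = {"info": 0, "low": 1, "high": 2}


@dataclass
class Finding:
    severity: str   # "info" | "low" | "high"
    technique: str  # ATT&CK technique id
    detail: str


def normalize_key(path):
    """Rewrite \\REGISTRY\\MACHINE\\... to HKLM\\...; leave unknown prefixes alone."""
    for prefix, hive in HIVE_MAP.items():
        if path.upper().startswith(prefix.upper()):
            return hive + path[len(prefix):]
    return path


def triage(events):
    """Return Findings for registry reads of NLS\\Language and viewer-spawned LOLBins.

    events: dicts with 'type' ('process' or 'regopen'), 'pid', 'process', and
    either 'key' (regopen) or 'ppid' (process).
    """
    findings = []
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    for e in events:
        name = e["process"].lower()
        if e["type"] == "regopen" and LANGUAGE_KEY_RE.match(normalize_key(e["key"])):
            if name in EXPECTED_LOCALE_READERS:
                findings.append(Finding("info", "T1614.001",
                    f"{e['process']} (pid {e['pid']}) read NLS\\Language; expected for a document viewer"))
            else:
                findings.append(Finding("low", "T1614.001",
                    f"{e['process']} (pid {e['pid']}) read NLS\\Language"))
        elif e["type"] == "process" and e.get("ppid") in procs:
            parent = procs[e["ppid"]]
            if parent["process"].lower() in EXPECTED_LOCALE_READERS and name in LOLBIN_CHILDREN:
                # Typical mapping for a viewer launching a shell: T1203 (Exploitation for Client Execution).
                findings.append(Finding("high", "T1203",
                    f"{parent['process']} (pid {parent['pid']}) spawned {e['process']} (pid {e['pid']})"))
    return findings


def verdict(events):
    """Highest severity among the findings, or 'none'."""
    findings = triage(events)
    if not findings:
        return "none"
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


# Reconstructed from this report: one process, one registry IoC.
REPORT_EVENTS = [
    {"type": "process", "pid": 2440, "ppid": None, "process": "AcroRd32.exe",
     "cmdline": r'"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" '
                r'"C:\Users\Admin\AppData\Local\Temp\3479fac2e4cab300a50d02d4cba121af71e2c66e31e099996fe34d298e2c65aaN.pdf"'},
    {"type": "regopen", "pid": 2440, "process": "AcroRd32.exe",
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
]

# Constructed escalation case (NOT in the report): the reader spawns cmd.exe.
CONSTRUCTED_EVENTS = REPORT_EVENTS + [
    {"type": "process", "pid": 3100, "ppid": 2440, "process": "cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]

if __name__ == "__main__":
    for label, evs in (("report", REPORT_EVENTS), ("constructed", CONSTRUCTED_EVENTS)):
        print(f"[{label}] verdict={verdict(evs)}")
        for f in triage(evs):
            print(f"  {f.severity:<4} {f.technique:<10} {f.detail}")
```

Run on the report's own events the helper yields a single info-level finding, which is the right reading of this page: the locale lookup, foreground-window polling and hooks all belong to the reader itself, and nothing here shows a payload executing. The constructed case is there only to show what an escalation-worthy tree looks like in the same format.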
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: f4694b2cff01fc3af438f73c00889b0a
SHA1: 1db5954c6048d588a6266a16d9ef6217d247e417
SHA256: 2ba55cfbf3ae29a3843048e610bf224e63c154584af951703e5b9caa1d76a309
SHA512: 5c6ad511578a01432480ae0f01cab3a9b5ff9df1de353166acdb7995fd1b9a7cb40a4141c558127b996d742b54b8cae38aead0d127897d10deb7755e3cb46910