Analysis
-
max time kernel
94s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
12-10-2024 00:35
Behavioral task
behavioral1
Sample
d6f1a9f8432df70dd947f48e77ed98df06acc51edfb324154a7af24f674036e1N.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d6f1a9f8432df70dd947f48e77ed98df06acc51edfb324154a7af24f674036e1N.pdf
Resource
win10v2004-20241007-en
General
-
Target
d6f1a9f8432df70dd947f48e77ed98df06acc51edfb324154a7af24f674036e1N.pdf
-
Size
496KB
-
MD5
ac4a8c4a0a06b40f0b1905a4468c75b0
-
SHA1
774bbdd8446e238a3f8a3d930784ed9edf258d0c
-
SHA256
d6f1a9f8432df70dd947f48e77ed98df06acc51edfb324154a7af24f674036e1
-
SHA512
f3853f48f8e1d27ad01295ccade9ba188e6ae1f6a1ea0e337a3cd055439e6a9b18679413357fdd7d8241b25c6702852fd4391fadcace8253c67d9a67e476b862
-
SSDEEP
12288:KZR3VYMyQuJr6bHmJlCBdD63UfDNerOaQarQ4UfQQhbY922gx:KZRCMybr2HmJQrVmQvbfQObOxgx
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2356 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2356 AcroRd32.exe 2356 AcroRd32.exe 2356 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d6f1a9f8432df70dd947f48e77ed98df06acc51edfb324154a7af24f674036e1N.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2356
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5c7ecb066c5e11dbd41c9962a518d499f
SHA1c26b8218fc4644a2bbe7e6e93b2972bbc8635455
SHA256ba4944c22088222b636b96e98aa27591254f57cf7fd9871dd2f26f19d2a4bdf6
SHA512b50d6671b027eeac620518b895e7353e59d5b194bc479fc3dde959b3377ac8fbfbd5c621602211d43b1165c2b6cf309e37d698dc3480a56da5b73ca2db064ace