Analysis
max time kernel: 122s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2024 02:52
Behavioral task: behavioral1
Sample: fe24cbf6643ee4e391bf66a20bab729f8e9085465b8db31a4b709217418870a5.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fe24cbf6643ee4e391bf66a20bab729f8e9085465b8db31a4b709217418870a5.pdf
Resource: win10v2004-20241007-en
General
Target: fe24cbf6643ee4e391bf66a20bab729f8e9085465b8db31a4b709217418870a5.pdf
Size: 41KB
MD5: bb0cf3f222f4c679c90afe6150d96a35
SHA1: 166f5f63eafc186b23c814ecb1c60553b244ab22
SHA256: fe24cbf6643ee4e391bf66a20bab729f8e9085465b8db31a4b709217418870a5
SHA512: 0a9de5aa6b06fa3d5cbd18216598df4fe4391cee15e89878c9a535e62a62777ffabd94223f6d542a9838e061d58825527c9acc5d8e60462fc0be2f6c1b76a471
SSDEEP: 768:HdKNwxtZ10Y7gybqmJONEpftH6nk/tX1M9lnmdnUw9XzoPsd:HkCxtZ101COejankVFYaUw9M0d
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
864 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid | Process
864 | AcroRd32.exe
864 | AcroRd32.exe
864 | AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fe24cbf6643ee4e391bf66a20bab729f8e9085465b8db31a4b709217418870a5.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 864
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 7cae6c2188b7e46557dbb33505766b1e
SHA1: e4018653b4ac02fab615864f4d04643ff70a71b5
SHA256: 01cc274de2397a77ab98bbc31a3bc549344b5ff3c3fc9d7bfae721cbea0433ec
SHA512: 1d4b491105189e029324f44a6e0d7f3db57d2490a8a2475825a5972f3c60a37efaa7e513fdbe9528605644ae12d2594244438f1e8bb625f29408daf506efb842