Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
29-10-2024 23:47
Behavioral task
behavioral1
Sample
bd678bbc-2ad9-4f0e-9d6a-d6ca9619151e_Lgmpharma-In-Service Agreement.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bd678bbc-2ad9-4f0e-9d6a-d6ca9619151e_Lgmpharma-In-Service Agreement.pdf
Resource
win10v2004-20241007-en
General
-
Target
bd678bbc-2ad9-4f0e-9d6a-d6ca9619151e_Lgmpharma-In-Service Agreement.pdf
-
Size
86KB
-
MD5
cf1743ed56e5cd98e34ed62746db44a5
-
SHA1
1ed646f745d8a8db4437e602df671e3aab0b2c3f
-
SHA256
8bbff61ab45cc877aa8cf01e901d3d710310f9ab81d5306efd8cbf0eeba7102c
-
SHA512
22a02021b0c26d476e8c8a4146c51d6d7593338c0337b6a0911fe508815c4dc078d878613f8d025fed396d91d28ad4311055f849dc12526156700dd9cade9ffe
-
SSDEEP
1536:rxGNUvBb4e2Nn/NVxvvTMqAqsXcgVzuyPxupvMYKQBKTeuciojBt+d8HHCLXE:wNyZvM/jxHT6qD8u0cvMYBseuciQb+dC
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2028 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2028 AcroRd32.exe 2028 AcroRd32.exe 2028 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bd678bbc-2ad9-4f0e-9d6a-d6ca9619151e_Lgmpharma-In-Service Agreement.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2028
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5a76b7c4322db014a583ad799e92d2737
SHA1605545b2e6fda2470bf833d681a4eca1831acf87
SHA256cbd1c228d7f8e1460bc0486009e6a1ab468b5baa6b4e31401a59cdef62bbc280
SHA5127cbd930aca8829793fdbc1e54d5ebbd0da879cfbcbec73f3000c24fc8a1bd69148b197629ad3c37c692325aaae5439fbcb6738318a54abdc03fff0950b9728f6