Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 02:40

General

  • Target

    Nacah_Manual_Win_EN.pdf

  • Size

    5.1MB

  • MD5

    3b63da6b4cf5f6dc15ee8acef95409d3

  • SHA1

    3411ab1f6ce441e3e2c3a41aaf2040e9f42474f0

  • SHA256

    0ec28469e0c239f7dd3567bc5a6e43eb23b873d17278755bdf2329c7f84cc82e

  • SHA512

    41cf868857a51ab0e44a751da7269d5212d173c4f8ce5d6bb18f3c02653a92012c4981abf098c2b67960928dbca308518880d12395d7f94421a8774fc1a1a054

  • SSDEEP

    98304:4XCPyt2ZiK3ybiKwwRC2FWKlW7MApvltUXse3xz8RWCwMsRJHkjAoC:4yNZiR2urDApvnULxzNkeJ5oC

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim host in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nacah_Manual_Win_EN.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    7ad10a3291fcfe19b0b65f385bdee8aa

    SHA1
    9e7aaee45c2170688f04d295f90787508bcac46a

    SHA256
    b0e17ec146ec58aacecc17c53c0f57732b27cc4977b8d63dcc191be890e0b7bb

    SHA512
    3e7095b5d6be87647897b43725a2b2451009dd66eb59e5108b68520dba8cb10ae872bf9219a160e3def3fdf9e70b5487319bfd662450d44b0d20d83ee5685f50