Overview
overview
10Static
static
39eb87c0b29...24.exe
windows7-x64
109eb87c0b29...24.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3Areas/page111.ps1
windows7-x64
3Areas/page111.ps1
windows10-2004-x64
3NACAH.exe
windows7-x64
1NACAH.exe
windows10-2004-x64
3Nacah_Manu...EN.pdf
windows7-x64
3Nacah_Manu...EN.pdf
windows10-2004-x64
3WAVMIX32.dll
windows7-x64
3WAVMIX32.dll
windows10-2004-x64
3a.dll
windows7-x64
10a.dll
windows10-2004-x64
10setupwin2kXP.bat
windows7-x64
5setupwin2kXP.bat
windows10-2004-x64
5setupwin9x.bat
windows7-x64
4setupwin9x.bat
windows10-2004-x64
4Analysis
-
max time kernel
118s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
04/11/2024, 02:40
Behavioral task
behavioral1
Sample
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9eb87c0b29794234739b1fb08248b355eff2d7f73896186052c14894a49ab424.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Areas/page111.ps1
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Areas/page111.ps1
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
NACAH.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
NACAH.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Nacah_Manual_Win_EN.pdf
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
Nacah_Manual_Win_EN.pdf
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
WAVMIX32.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
WAVMIX32.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
a.dll
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
a.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
setupwin2kXP.bat
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
setupwin2kXP.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
setupwin9x.bat
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
setupwin9x.bat
Resource
win10v2004-20241007-en
General
-
Target
Nacah_Manual_Win_EN.pdf
-
Size
5.1MB
-
MD5
3b63da6b4cf5f6dc15ee8acef95409d3
-
SHA1
3411ab1f6ce441e3e2c3a41aaf2040e9f42474f0
-
SHA256
0ec28469e0c239f7dd3567bc5a6e43eb23b873d17278755bdf2329c7f84cc82e
-
SHA512
41cf868857a51ab0e44a751da7269d5212d173c4f8ce5d6bb18f3c02653a92012c4981abf098c2b67960928dbca308518880d12395d7f94421a8774fc1a1a054
-
SSDEEP
98304:4XCPyt2ZiK3ybiKwwRC2FWKlW7MApvltUXse3xz8RWCwMsRJHkjAoC:4yNZiR2urDApvnULxzNkeJ5oC
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2384 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2384 AcroRd32.exe 2384 AcroRd32.exe 2384 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nacah_Manual_Win_EN.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2384
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD57ad10a3291fcfe19b0b65f385bdee8aa
SHA19e7aaee45c2170688f04d295f90787508bcac46a
SHA256b0e17ec146ec58aacecc17c53c0f57732b27cc4977b8d63dcc191be890e0b7bb
SHA5123e7095b5d6be87647897b43725a2b2451009dd66eb59e5108b68520dba8cb10ae872bf9219a160e3def3fdf9e70b5487319bfd662450d44b0d20d83ee5685f50