Analysis
max time kernel: 120s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 05-11-2024 22:59
Behavioral task: behavioral1
Sample: Tdcj-Scanner85950.pdf
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Tdcj-Scanner85950.pdf
Resource: win10v2004-20241007-en
General
Target: Tdcj-Scanner85950.pdf
Size: 33KB
MD5: eb16aa4f2a4f5632a4d13bd33fbf0006
SHA1: 3b566b1e1f7fd7e22885c0806a6847713cd9cbfd
SHA256: 3c06d89926ddb427913b5ff3f19dd637fa7b8dcc2ad9ff5c4b691699874a12b9
SHA512: a1cc06f6f67d51fc0c34cd204a65167df431a4d34fd51a1e46d5bbba2235c6a864a498bd1d6d0142561842f31ed8e1d3163eee5b1efd9077f36352f8cea160ae
SSDEEP: 768:XXvvvvvvnhhroOtloufqGsFyYEzRAQD/Qb/ZhWcA4BzP:vvvvvvnhhrn3hcNE3D/QbS14BzP
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
PID: 2512, Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
PID: 2512, Process: AcroRd32.exe
PID: 2512, Process: AcroRd32.exe
PID: 2512, Process: AcroRd32.exe
Processes
Path: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Tdcj-Scanner85950.pdf"
PID: 2512
Signatures triggered:
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 252f478fba273a1b3a1fe7699617ba1e
SHA1: 631f91363bdc13696a58651b85542ab79fbe5ee6
SHA256: b83406048c9db5220c5d3ade00670d5d884fa52d336d1cd011963ee39edba0e0
SHA512: 52afd331cccb05ec2b61313fb12c01346cbcff44edea2826a48936b7ef5f0344b5b77f436544a71820b9f3188ad8e64bbea4ff05b2285ea399c2b96a87808ded