Analysis
-
max time kernel
94s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05-11-2024 18:43
Behavioral task
behavioral1
Sample
3f5dd70f664ba3e8cebdffda12fb360f863dc6845d0f86dfe4e8d7d2cb22314bN.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3f5dd70f664ba3e8cebdffda12fb360f863dc6845d0f86dfe4e8d7d2cb22314bN.pdf
Resource
win10v2004-20241007-en
General
-
Target
3f5dd70f664ba3e8cebdffda12fb360f863dc6845d0f86dfe4e8d7d2cb22314bN.pdf
-
Size
311KB
-
MD5
d63d36f58e8b0cac8b46045e1554e850
-
SHA1
eddefe1c34fe48e67db86f75dd3a428bd2f6212f
-
SHA256
3f5dd70f664ba3e8cebdffda12fb360f863dc6845d0f86dfe4e8d7d2cb22314b
-
SHA512
23c9865cef7ffa5b3f5db0d35ffe18fc040e2cab5502a3883bb240b1725271ac84d1916c13e51539207d08b1608a3a06f0186483182066495e4a20b9088cd3d1
-
SSDEEP
6144:tqZlqMTh6Rj1YJxEKQNOx2Rz/YXxVWKqxOVaTGyLF7sRkTAWh2oooooooooooooH:2lqa6RJwQM2N/YhgKqU8TGsM7WhxFwK3
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1884 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1884 AcroRd32.exe 1884 AcroRd32.exe 1884 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3f5dd70f664ba3e8cebdffda12fb360f863dc6845d0f86dfe4e8d7d2cb22314bN.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1884
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD50a6ac77e7e4e896d859380b744745b2a
SHA1e3cff51480cb6854799e9526a6375fd14fb45bce
SHA256760e704603623afaec7dd31c7c7130b027e1408baf170b7a01cabd668e1b58b6
SHA51270e1fac85c45daf06211943e6ec0e5d0ef32d5b3d2e8ec45fecb7a26a609baaad0973f154e6bc8cd4952f4d1d2ad1ded9be9239f23018227a28e6648b51726a6