Analysis
-
max time kernel
92s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
submitted
09/11/2024, 05:00
Behavioral task
behavioral1
Sample
574e00a72e018b5957bf319cb5848156d6014b3a1a5abd3b70864813b1dcc8c6N.pdf
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
574e00a72e018b5957bf319cb5848156d6014b3a1a5abd3b70864813b1dcc8c6N.pdf
Resource
win10v2004-20241007-en
General
-
Target
574e00a72e018b5957bf319cb5848156d6014b3a1a5abd3b70864813b1dcc8c6N.pdf
-
Size
451KB
-
MD5
f412766b7a39f725daa34a02f3cc98f0
-
SHA1
4db68d0d56c536afb4c609f773f862feeeec0241
-
SHA256
574e00a72e018b5957bf319cb5848156d6014b3a1a5abd3b70864813b1dcc8c6
-
SHA512
90266739c446d19f8ed1be04d99c7fd53dad08dc8e6f66f62f382c36677f3cf171ef330671f3fe8efbc017a7ff84222ccedf79966b5c910fabdb860f7dc2e06c
-
SSDEEP
6144:tviba9PaRp+qarYpOqx0Krz3qkmUWHweFaV4WtOhnkUsy51e+W5yKMMIB2+nYCNl:tacaRpU12ruwWcQ2i51DQUtSZS
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid: 2820
Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs
pid: 2820
Process: AcroRd32.exe (listed 4 times, one per IoC)
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\574e00a72e018b5957bf319cb5848156d6014b3a1a5abd3b70864813b1dcc8c6N.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2820
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
3KB
MD5
435464cf3a785fb086517f70c0dab146
SHA1
5e75046922943850daf0ebbb39079e95fe443b16
SHA256
67b6c162db53c54502d796b0cd491bb9710525a1266a21c7c61d23584e14babe
SHA512
b0b655d861140f2d7e6954f369e26300716ad7d516c6f2528d48c164c8e5364522fb9e59e08a5f1c54c400f33be95dbbf9fdaac63ae8361aff3a49f9dbbd36b9