Analysis
max time kernel: 91s
max time network: 16s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 05:09
Behavioral task: behavioral1
Sample: 9f2a122b77519a99bab058c3d75adc13e7e5ff78dffa2aff7a37008a3e93dab0N.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 9f2a122b77519a99bab058c3d75adc13e7e5ff78dffa2aff7a37008a3e93dab0N.pdf
Resource: win10v2004-20241007-en
General
Target: 9f2a122b77519a99bab058c3d75adc13e7e5ff78dffa2aff7a37008a3e93dab0N.pdf
Size: 267KB
MD5: 35aa6070440ff4b02af1cce2a424c950
SHA1: 3893cdd31492c380274988c71b32f03a72df3faa
SHA256: 9f2a122b77519a99bab058c3d75adc13e7e5ff78dffa2aff7a37008a3e93dab0
SHA512: 00a3e4f62600b9ddc8948561c360f517002a5f0e1aea5d9f25913694788fff07db7c128c25469c387fb62ae27296ee15461863382d00cfe8ccf7ac7ef01a61a2
SSDEEP: 6144:XblQbvXS1oq03jsAuhU/0Bnv18B9mbSJ5dnYxlfABPlJ/eVH:XbcS1oJ3Z6U/0t6d5ix9Apreh
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2860
Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid	Process
2860	AcroRd32.exe
2860	AcroRd32.exe
2860	AcroRd32.exe
2860	AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f2a122b77519a99bab058c3d75adc13e7e5ff78dffa2aff7a37008a3e93dab0N.pdf"
PID: 2860
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: a980c3ec828cc332ed9a9d5ec3e6bbe9
SHA1: 607b42cc958be38b6925c7c7c82da57fb7a526b7
SHA256: 29a42c9bcc0a8a521ef2a6796efcc8ad074f16c1b1a9b53ea8196aca4e3e084e
SHA512: 43b0f2ecf73e6bd077ee6ef080ee20143dfcb5addba7396cfd749aa2aaf021054e2e5dec85b9da91d9b3fc2892b2ff509ddf679a9247c498e57e041fd5daf9d9