Analysis

  • max time kernel
    90s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 06:06

General

  • Target

    6e6130923f3b26c03f66be14b120255387582af06bede4df325dcaf669d138cdN.pdf

  • Size

    317KB

  • MD5

    91e0c3ad922012279899973ff42957a0

  • SHA1

    44073bb6b565632b69637fc7863842d08033e737

  • SHA256

    6e6130923f3b26c03f66be14b120255387582af06bede4df325dcaf669d138cd

  • SHA512

    7acbfe01266e21d1a12e42e1a285dd8487457828f52e3728a5dc2a13ad39647ea8e66506d7785e6fe7b982eeea4cf4eed4427da497d7fe3a5ad6c2abad1b6939

  • SSDEEP

    6144:5ZcEx8ZLQt15bo3a2AGRXskoniO1ehLTHtGgl1cVYD73/BndUEveVO9YZOvMk2:rQKfbo3aExoiO1QLTNG0j/fU0e4qEEp

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6e6130923f3b26c03f66be14b120255387582af06bede4df325dcaf669d138cdN.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2488

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize
    3KB

    MD5
    c88f7469a0d3d8e0b74078f054568961

    SHA1
    f98083c87f941ef1188c9963ea3ffa186ee4e59d

    SHA256
    607b78077d19643b890769cd14c6ac132470bee76b082a1c6db81acc9af9c3cf

    SHA512
    332f48a1f2adcefb7753e22ecd0f495199490e871997c3476e1bf215490ddcb36bffb0a8092a1a2716009c6c56db2cb4a043bacc09d4cc5b166e2e0e6dc28090