Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-11-2024 07:37
General
-
Target
All_Employee_Memo.pdf
-
Size
49KB
-
MD5
34941bc6ef293fa6481b5a255cfafaea
-
SHA1
368fa33e3146b94d5adfa09db555e4544c409265
-
SHA256
19ec91a744be6fa5b3b72bb22e312c130bf195bda666c19e1e1720e63db88417
-
SHA512
59337da40e5247a31c68b838958c17b6ef8d61223dd3cc574547e3fc84f9475354e04b82e03a5a6b8b777eac3caa499f5816a01c88f9674ba33ef2c33ca6c197
-
SSDEEP
768:0DCfzdzJ0FiVUiM4wjaVJ63fht6u3vXbEPsR+t4laCm+uuqSH2K1:0DIdV0FdDjD5ALM+2Sin1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\All_Employee_Memo.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD58ff34180e4ef0dc802e609585f6b01ff
SHA1e7a90f43db4c5c46bca7742c47909b262cba686e
SHA256871d8a24255b4e5f8d105246e430f6e7f01b330f54f5339be5f0f90c9bdbd399
SHA512c40917c583bcb4b0715a839784c62c9a439373c740237b8fc5de32ad06680d2d219978d462f7a9d7e5e5140a0b2c8eb01ea1d76a887f6ce61a6f49d8ffe7acfb