Overview

overview

3

Static

static

3

1-1006.pdf

windows7-x64

3

1-1006.pdf

windows10-2004-x64

3

1-1007.pdf

windows7-x64

3

1-1007.pdf

windows10-2004-x64

3

1-1008.pdf

windows7-x64

3

1-1008.pdf

windows10-2004-x64

3

1-102.pdf

windows7-x64

3

1-102.pdf

windows10-2004-x64

3

1-105.pdf

windows7-x64

3

1-105.pdf

windows10-2004-x64

3

1-1202.pdf

windows7-x64

3

1-1202.pdf

windows10-2004-x64

3

1-1207.pdf

windows7-x64

3

1-1207.pdf

windows10-2004-x64

3

1-201.pdf

windows7-x64

3

1-201.pdf

windows10-2004-x64

3

1-203.pdf

windows7-x64

3

1-203.pdf

windows10-2004-x64

3

1-302.pdf

windows7-x64

3

1-302.pdf

windows10-2004-x64

3

1-306.pdf

windows7-x64

3

1-306.pdf

windows10-2004-x64

3

1-501.pdf

windows7-x64

3

1-501.pdf

windows10-2004-x64

3

1-504.pdf

windows7-x64

3

1-504.pdf

windows10-2004-x64

3

1-506.pdf

windows7-x64

3

1-506.pdf

windows10-2004-x64

3

1-602.pdf

windows7-x64

3

1-602.pdf

windows10-2004-x64

3

1-808.pdf

windows7-x64

3

1-808.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1-302.pdf

  • Size

    98KB

  • MD5

    51098e48e72218b0de2993598be09570

  • SHA1

    7c93873c20e45f3afddceeb9d77db83b13534904

  • SHA256

    baa91ef23efdd80dc69d3afeba145bd39dff03ba5a3e210f83a7f577d54a2325

  • SHA512

    d426a34011623d71de94b64bc6ab82a96442f21341d0053027938c747b5a2e1f97ec28250b39c2cb44690c448a9d43fb2bb3145b7642fd9811573d6484f49fff

  • SSDEEP

    1536:xBsE1aSrM1RzJ4dKb0rM1RzJ4dKx+rM1RzJ4dKNbrM1RzJ4dK5gBQ:xuSASKb0ASKx+ASKNbASK5gBQ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1-302.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Security\addressbook.acrodata
    Filesize

    5KB

    MD5

    4618312ec50b52c81043bb6ff393cfc3

    SHA1

    80537497d939529b34de993b14d96510068bf075

    SHA256

    e8e27396e2a043abd283eed4fd5b8fa256cc22e741defd522158fc9e29205839

    SHA512

    fc589a974f35ee83c297784c7d7cc62826854422ceec2d5ff46aa6575f5b2bade27d26c1dfc0686602c81e5c14f75f7abd23e6c19fd90a2dbe70e0f5c09251e9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    369b319a2be468cba0d0c9a9db324436

    SHA1

    e1444d237cd350a48b80f9e415e32769e22238b2

    SHA256

    e378919238394ce527d48031e701dfe063e5e93fc8dfbe4a1b49665101f3e1f7

    SHA512

    bdf673b86bfd0045a1225f4963c4e51539afe31b0fe3d53819f4c97a095ec9846b6809c2597780bcaa4761ce7cc527958ea8bc8f7f596db5ae1693c79a3d6b83

    Download Submit

  • memory/2296-0-0x00000000040D0000-0x0000000004146000-memory.dmp

    Filesize

    472KB

    Download