Overview

overview

10

Static

static

7

Untrimmed.exe

windows7-x64

10

Untrimmed.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Devastatin...er.dll

windows7-x64

1

Devastatin...er.dll

windows10-2004-x64

1

Laursens/S...re.dll

windows7-x64

1

Laursens/S...re.dll

windows10-2004-x64

1

Laursens/S...er.dll

windows7-x64

1

Laursens/S...er.dll

windows10-2004-x64

1

Prostatism...46.dll

windows7-x64

1

Prostatism...46.dll

windows10-2004-x64

1

Prostatism...-6.dll

windows7-x64

1

Prostatism...-6.dll

windows10-2004-x64

1

Puntlatsh/...ff.dll

windows7-x64

3

Puntlatsh/...ff.dll

windows10-2004-x64

3

Symbranchi...10.dll

windows7-x64

1

Symbranchi...10.dll

windows10-2004-x64

1

Udspecific...rd.dll

windows7-x64

3

Udspecific...rd.dll

windows10-2004-x64

3

Udspecific...LV.chm

windows7-x64

1

Udspecific...LV.chm

windows10-2004-x64

1

Udspecific...on.pdf

windows7-x64

3

Udspecific...on.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2024 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Udspecificerendes/Kommunekemis/demasculinisation/How-To CFF Extension.pdf

  • Size

    267KB

  • MD5

    180313065942d47df7858ade74cee19f

  • SHA1

    0371b23100df3fd5739585473c3718c4bf85e974

  • SHA256

    b085d1cdbcb15b6e8e12eb2b8f34d5e900509470bcfd49ab9565663960e2f38a

  • SHA512

    6764ac65d610b6f7e1f5c622a03752cef606840603285b5c49924f1a3f06c669c43a2d3083f3d823f457554a2205989e3d6b881189e3160a2e1adcbf21dd3996

  • SSDEEP

    6144:cbNke00sOHmmZx9VDwXJSCCCCCCCCCCCCMo6XHTa6aaFa50cZdD6N9S5uLJXe5n2:cRkNOHm0x9eXJSCCCCCCCCCCCCMTW5ed

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Udspecificerendes\Kommunekemis\demasculinisation\How-To CFF Extension.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    227f8af9a21460c20de497d001a2053b

    SHA1

    9bff33705967377410edc8b5125aa62bcd778d3c

    SHA256

    43f2e4b4edf9e87d0645df8228918d888ea39ec9672d81527f0e1105988418e5

    SHA512

    16ac9d00a53a4b44a1bcfe0e2ab63e2b2b8272fbaeac933b598f5e0102043049cb541ab007b5e9845056527a0223b6cdd3c7e93c6624bb44896e1414681b1c7c

    Download Submit