Overview

overview

10

Static

static

10

163.5.169....r2.hta

windows7-x64

8

163.5.169....r2.hta

windows10-2004-x64

8

163.5.169....r2.pdf

windows7-x64

3

163.5.169....r2.pdf

windows10-2004-x64

3

163.5.169....r3.hta

windows7-x64

8

163.5.169....r3.hta

windows10-2004-x64

8

163.5.169....r3.pdf

windows7-x64

3

163.5.169....r3.pdf

windows10-2004-x64

3

163.5.169....r4.hta

windows7-x64

8

163.5.169....r4.hta

windows10-2004-x64

8

163.5.169....r4.pdf

windows7-x64

3

163.5.169....r4.pdf

windows10-2004-x64

3

163.5.169....r5.hta

windows7-x64

8

163.5.169....r5.hta

windows10-2004-x64

8

163.5.169....r5.pdf

windows7-x64

3

163.5.169....r5.pdf

windows10-2004-x64

3

163.5.169....r2.hta

windows7-x64

8

163.5.169....r2.hta

windows10-2004-x64

8

163.5.169....er.hta

windows7-x64

8

163.5.169....er.hta

windows10-2004-x64

8

163.5.169....r2.hta

windows7-x64

8

163.5.169....r2.hta

windows10-2004-x64

8

163.5.169.28/cmd.exe

windows10-2004-x64

1

163.5.169.28/cmt.exe

windows7-x64

3

163.5.169.28/cmt.exe

windows10-2004-x64

3

163.5.169.28/fd1.exe

windows7-x64

10

163.5.169.28/fd1.exe

windows10-2004-x64

10

163.5.169....er.hta

windows7-x64

8

163.5.169....er.hta

windows10-2004-x64

8

163.5.169....r2.hta

windows7-x64

8

163.5.169....r2.hta

windows10-2004-x64

8

163.5.169....r4.hta

windows7-x64

8

Resubmissions

21-01-2025 13:39

250121-qx27kswrck 10

21-01-2025 11:57

250121-n4kvrsskfv 10

21-01-2025 11:43

250121-nvpglaslfq 10

21-01-2025 11:26

250121-njtbea1qcp 10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-01-2025 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    163.5.169.28/SCAN-atoletter5.pdf

  • Size

    169KB

  • MD5

    c5de2a211a2580c04d1b5349651d3e4a

  • SHA1

    81a25e710c7dc63b10220dbdf39dc48ff11da5f3

  • SHA256

    57b4117e2cf9ab76ed554c2bbf192b9868b94202ad5aaff05a593cf3d4630f85

  • SHA512

    ad3fead8c0e7820e008bdd9f90b443a20eab0dde9d51a1035e8b40f070d7e381e641a8ae00911bc8c0a4a8e341a9a73e3ee133b78abddbbb442f00ce28efd51d

  • SSDEEP

    3072:NPAr51Wqu9r1RRVgz/hdcJ0XWLtSsi6dzRov5dMWP4y0LUD:UBuxHgrI9cLDTMPyoC

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\163.5.169.28\SCAN-atoletter5.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    d6f3b689a10b138bd1941742cf2657a8

    SHA1

    97b31f2a5504f3a9c0d0a8125e5e2bc40a166059

    SHA256

    4735680b74e181731556bcbb25aff415f8533f10cc9dc5b04637c84ad90c9433

    SHA512

    7dad713090aa41b934a93559f170f05b855a6094cf5b5c2fdc9bd935eb25174c0942455f4a99decdf1d81b09967b39d83a8b2c6aaf23aa7cb063110482714b1e

    Download Submit