99b14ade8ea9c02b24c71a5583d02322594460af4d2fe734ec2af3d6c805f027

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-07-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Awesom-O/config/lua/Docs/PR2.1.pdf
Size

114KB
MD5

b2345d0f4b93b568cd1236ed626e6263
SHA1

bc413ae7708caa417c9989358faeff03f0667ab5
SHA256

921eb0e9160f9647ac343f7aebea60aacc567eb33bfaacb08ea5142287fa4656
SHA512

858425b8eb2360448a003c394d7f579da39dacc25dea6bfd11005548699227a0ff5a8d9f1ada124f15c62b45817b62b874266d9c5e03022ddcac543cbf514069
SSDEEP

3072:jEX+jLAM8KFfRzWq+PGhONk8djU9g8TenO/mHj1:jEujEfKFVWq+PUOfm4OA1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2680	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2680	AcroRd32.exe
2680	AcroRd32.exe
2680	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Awesom-O\config\lua\Docs\PR2.1.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f991c4084df228bf55dfa0e601eebeb4

SHA1
374a88afc8604783879ba020e907a033e4c831e7

SHA256
e1fed60e8e3172e13c9b132a2a7fdbd0457c825c1bd1847f501f8bf4d8605948

SHA512
5592f2fe990a3eec0bd97a0dbb5c1f8487cd12fb9afd00070f02a9401fc2126b4600252de7e063e89ec9719fc4a5bafa1947d5bca7b7219f700c9f32fa589d30

Download Submit