54e4bdd519b11743fd6a2965682dc1a7d53e679a5492d8e2f376fb01df707a1a

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94913c5e5dcc2a12599fad74d7056250N.pdf
Size

88KB
MD5

94913c5e5dcc2a12599fad74d7056250
SHA1

5bea50e286cd5bc9f5126746d01de4ed22ec49d3
SHA256

54e4bdd519b11743fd6a2965682dc1a7d53e679a5492d8e2f376fb01df707a1a
SHA512

ae4cc7ca48e6c0cb1110e5e01392dade90f677d2d6156485e154baf4f7fa620902a2204bbee495ac906826ad9f53301e22b7daceba5fc02b18e4e13dcac8272b
SSDEEP

1536:nYoWdKFtbHRe+sx7e0HE9PiIT0C+mXCn2MYDCZ91iqMG9Wo8QRQ//7es/:IwBRBY0P90C+mX7DC/1TMGknQR87R

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2636	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2636	AcroRd32.exe
2636	AcroRd32.exe
2636	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\94913c5e5dcc2a12599fad74d7056250N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
79f7480c8704bfa74582abc6ec4a01a3

SHA1
936ec86aa6cfedfa66ffb2c12e33b9cbbdcaffaa

SHA256
09e7e57626ba1c840ce2eeddf6d735574f1babe6b1539f395df95703afed100a

SHA512
9297f42b8780b4e36e012d90bc14055bc7e37444b0c948450286d9450803650bb901a09e6e3a20181501d24d1046f0cb1d47669486072eb70478f3216ecd66ad

Download Submit