525a2eb43f2a4c702213723541335dc0391b42a01177e1faf5873e0cb7540ce0

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28-07-2024 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EUPL-EN.pdf
Size

33KB
MD5

254b5ddbc15269e72ba3a0508681a70c
SHA1

2263ae4c0b71bf7be09707d8ffe1176807e8c69e
SHA256

cd5d9e2a925d8daa92d083fd8c1cea48df1bcfffd857f4f93e2148fddc5001ec
SHA512

9bb5a4bf1b5167725e2126ce5152e3be11b7288c743c0d7c71b98d0551e47bce417b0b1c0a14ff523a7c90ec9d0b930a0879b31b22f10b0a068f635103faf504
SSDEEP

768:XWSMyoY3GnGTmerMqJoOunEg5ADW7+1DTsPVMAgjTLRzp/rFQ248gYT23:/93GXovsE+Anm+hJrZL23

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2424 AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

2424 AcroRd32.exe
2424 AcroRd32.exe
2424 AcroRd32.exe
2424 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2424	AcroRd32.exe

pid	process
2424	AcroRd32.exe
2424	AcroRd32.exe
2424	AcroRd32.exe
2424	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\EUPL-EN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e6c2deae50676429e9155f73b4f13179

SHA1
011d91fe39165151aeb9fe2eac214703da492087

SHA256
669e8e3a374fa535892963661b9219f00ddad43248ec470f1367e6700096305d

SHA512
c2b48aa8d9bf828dc40a8124018e794cbe6e05a30a6ba5739ce0f38c2283ad4484ecf1441c13e5227d86a1359e724acb3cc085d7951c8bcdac311c1ce252f5fb

Download Submit