0eb031297a498b682b1721e8210fbbea20d062f8d9fef24bf14c56c0416c7a70

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 13:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9486a5e0b3eb08ba2843849086dfdfa0N.pdf
Size

133KB
MD5

9486a5e0b3eb08ba2843849086dfdfa0
SHA1

6625afbb0265be5409292af7b2a68bc22847e1f0
SHA256

0eb031297a498b682b1721e8210fbbea20d062f8d9fef24bf14c56c0416c7a70
SHA512

fae873fcc8291253425299c822db2641d2c46e0429bc23754c935eac4e3ad6d827669f61899c6fc11b6b733d1ac9871f43008d2f15af95d7b2a41c648156dc8f
SSDEEP

3072:SwXkpJYQB2i56CLq0yahjnvBmH7m51jZmfpQ+oYRWiE6u:lXkj6XBKjnvB+mcfpnokWd6u

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2036	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2036	AcroRd32.exe
2036	AcroRd32.exe
2036	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9486a5e0b3eb08ba2843849086dfdfa0N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c3fdf2f84e2b881304d5f7803943bd80

SHA1
ec6de278d02857e0b1a61cab63fb0da5c32479a9

SHA256
fb01051cf224b6843274b923871478296fc812ceb55e99283327462c4df6bfd2

SHA512
4a8d5457807cd39fcff1cc191d6940d34b5fa1328ea274ac1ac1b46b360a9541fb3d338d092b89b03d60dccdd7f0cefccd881456e4bbc87ed19cb6b37473e976

Download Submit