0b7220e6faa010fa7f59a7d234cf80c70bb93f023e636ff9f6d692c637ba606a

Analysis

max time kernel
95s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a613983508d9b00762afc3da81b872e0N.pdf
Size

3.0MB
MD5

a613983508d9b00762afc3da81b872e0
SHA1

5fd8ed533bf2eb5975940779209a3c5d317e85c1
SHA256

0b7220e6faa010fa7f59a7d234cf80c70bb93f023e636ff9f6d692c637ba606a
SHA512

09517638379e1ad69fce974a51996b3845c711c1e620a97268d49a74493ccf8249ac48de1c54bda807d4020f50af7e3562aac34643e5e5b6014f1b6ae29401b5
SSDEEP

24576:xyosxMD9H4ay20c+0BFPVsheVIcHOYYRqrmt8p3BLV5oTlFV+e:IoKYH+kshCVXIYwan5St

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2364	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2364	AcroRd32.exe
2364	AcroRd32.exe
2364	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a613983508d9b00762afc3da81b872e0N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3befea1653eab29feb41ea1e2e0622dd

SHA1
ef2b271529132cc501252f4e3fb90deed5b8f186

SHA256
e352f2d4a212cb0e7a760fe62f36378aa645f5510a63b9d633f9685bb72f6dc0

SHA512
931babc77e041c1f57c551d84285a8509b4089202c0a0c7a190c64ea9a210f6abd8b466d6e11e18087e4e0997a04e8c8643664a86f1bacf991fbee20bb18027f

Download Submit