e5d505c73c5fd049526bf82dc848c5d6f65d6a56f7fcfd7628e293ea4bd16854

Analysis

max time kernel
95s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

roblox/aocl-roblox-main/docs/compat/ipp.pdf
Size

34KB
MD5

64312c81a1abd0f2557d6a1e7081aeb7
SHA1

d26fe816501b0e8c8ef77f1a666edd948940bc70
SHA256

38e1d50f6105cc86158990be57ee511df28c20242319b934337e39e65df9cd7f
SHA512

b227ac758003da98e0885f181f768349f55f008bf09c8b5acbb858839a29c553a39c5c149d1eaf76578e0ff88ee39aa6847339e8be50a4aa692b18a9e25eaafa
SSDEEP

768:O1rOg66r9HrvdFzE6pUnIqduKbXduWT1eI4U7dUtY8INobaFVbI:O1vjr9Lvd26qnBdnLU44Yd18soT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
828	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
828	AcroRd32.exe
828	AcroRd32.exe
828	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\roblox\aocl-roblox-main\docs\compat\ipp.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
2c96b3af0137aa7878fd33e861ce3e7a

SHA1
676f8f5f8f618ed4368f102f55f07e8be282a65a

SHA256
c182bca6a39d459d27db10c330a30a3f7b5b0a9302f11a9dd4bc7aea762ec5ce

SHA512
efb69c574d9cbdcd9392321fb34c43c496a709343cdfc5d6220c75c248eca8f2ae1891107e23c0ec99cdde457b3ad2b642273d8fc24f0d0b5c5d7208754b1ac1

Download Submit