e5d505c73c5fd049526bf82dc848c5d6f65d6a56f7fcfd7628e293ea4bd16854

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

roblox/aocl-roblox-main/docs/compat/openssl.pdf
Size

35KB
MD5

dd27d72b048fd2edb24d5d98b4feef16
SHA1

9837740085a3120fc070f63d203de049a480a4a8
SHA256

6c4eaa8fc1f5bf485bedb2010cb61e975d9ba0ee4289c3533e2582f17442ee86
SHA512

90df1e10d2c352e1ce20d3da1ef8299f850380067050133d24005f3acd193c6ef60666f68b1f29bda881efc7821f4d9dbb896463e2ba490b9436c635b9635ddd
SSDEEP

768:I1ZnWKf0xLpZGmcJkX09MrH1D4hD2wSsew6HIOtRaZMRX/JHcknozs7xYf:UZTfhmcNSHV4egkaZUBnUf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
576	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
576	AcroRd32.exe
576	AcroRd32.exe
576	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\roblox\aocl-roblox-main\docs\compat\openssl.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c38e550122e37f755eb30b2cf65ed413

SHA1
23eb88e4c59c8754aa7b1840c6c28fcc847170bd

SHA256
8913297ecace7a77a4b5eed762a9b671d32c407a38246347ac4958500c8da9f3

SHA512
14d351fe6f4db687c63edde32d544aff9ab7dc28c27de6868aacfc7640e6431feca5807296c7379b040cb14d95090e5db5f64745b10265b3e1b81bc00d87ad0d

Download Submit