6710044fb56004624b40eeaaff12e82590171f656a8f2806342211d7ec3ba932

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07-08-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66a46520a952cd29f32ed273cf080000N.pdf
Size

133KB
MD5

66a46520a952cd29f32ed273cf080000
SHA1

a5d18465967f4d29f85a1ff940eacf610428158f
SHA256

6710044fb56004624b40eeaaff12e82590171f656a8f2806342211d7ec3ba932
SHA512

3bf1d715ac8b93fdf665f415543506c287b287e16801037c45c49fea43f7a110f0c61cc0e8622629678f476c27ec1bccc6d6df6ab73622f3a7cc2e285c364b46
SSDEEP

3072:Hp2li56CLq0mahjnvBmH7mBjZmfdQ+o6BePu:AlXNKjnvB+mqfdno6wm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2996	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2996	AcroRd32.exe
2996	AcroRd32.exe
2996	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\66a46520a952cd29f32ed273cf080000N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e237025edc089b982898095e49859585

SHA1
e5e29c04d8581958c6eba51123731a4b5e202958

SHA256
ad56337212735d7b0896c5df66ae53c76c1c9d6c792e131d5cc302958bf462ee

SHA512
76ac77100f457af70039cfe9d4707287f6650f667520d750439229415c15b220efaf4093c13d94f62943e2dedacb128915cba6f9424317af325425c97716572b

Download Submit