58a7cfd1fab1d4ef5e52108d9930f6dd329909642e84e41c84598ccabceaf13b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58a7cfd1fab1d4ef5e52108d9930f6dd329909642e84e41c84598ccabceaf13b.pdf
Size

16KB
MD5

519a9ea4a587a6eb5af888ca9aa1a6a4
SHA1

ecca1dc057d8f033fc211a3cffa43249296074f5
SHA256

58a7cfd1fab1d4ef5e52108d9930f6dd329909642e84e41c84598ccabceaf13b
SHA512

1aed00cb5badf43f1d0592714bd8c1927a95da89c7bb363909c77ad775ea51b274b08884387f0f7c5afcedf0b1c85f5403d6a1ab1a75c61631a32d85e2e8405d
SSDEEP

384:Ws3tEF4BByEXMGShHI5d4yiie/9AkkBvk6YMcCMYZ:jQeUob+9HkQ2Z

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2028	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2028	AcroRd32.exe
2028	AcroRd32.exe
2028	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\58a7cfd1fab1d4ef5e52108d9930f6dd329909642e84e41c84598ccabceaf13b.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
497e9c94eb68348bb9b8fbdebb38b65d

SHA1
b1e7b3923281532a5ebd7b213eb9bd578f4ee0dc

SHA256
f73da886044f009839135544fe281771bd96ef4f67efb5f6f460778bc0c0b30c

SHA512
aa644ae286881e527c8ba68e2a78d4f3a78ed2063d39a5781f195eb16d86730417e8dc10d1de4a9140b37dce4809b155900c055624ae4f66ad914604b0d5caff

Download Submit
memory/2028-0-0x0000000003560000-0x00000000035D6000-memory.dmp

Filesize
472KB

Download