31e2ac1d5595bba0ab7edbb7275f3eb35e4f68c640ae7bb8ec35401199efb55c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

W-8IMY Foreign Partnership.pdf
Size

278KB
MD5

0fe7463a38e2f783587127f24cc70ffc
SHA1

1e31bc6f553edbb62f23f0b79b5244baf3ed12ba
SHA256

2d3048e7d83485dde66e8d7904411cf577e5d2f73c71541c804d9dcb1bfb0493
SHA512

3a83f54caa0e702726beba9415e3e629f637adf04237da7d4292ba6ec6b87970f395abc6e51bea5013f7b1c935a6a8929bcd21fcb35b6dce5103a5b15c99ef45
SSDEEP

6144:TsXpFj93w/F0DQgSO7itBPlI8lnNw64c6TG:eFjlGFCQgbqPlXNnR6C

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

3052 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

3052 AcroRd32.exe
3052 AcroRd32.exe
3052 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
3052	AcroRd32.exe

pid	process
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\W-8IMY Foreign Partnership.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Security\addressbook.acrodata

Filesize
5KB

MD5
4618312ec50b52c81043bb6ff393cfc3

SHA1
80537497d939529b34de993b14d96510068bf075

SHA256
e8e27396e2a043abd283eed4fd5b8fa256cc22e741defd522158fc9e29205839

SHA512
fc589a974f35ee83c297784c7d7cc62826854422ceec2d5ff46aa6575f5b2bade27d26c1dfc0686602c81e5c14f75f7abd23e6c19fd90a2dbe70e0f5c09251e9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3b3c312aa08af42287a283afa529465d

SHA1
e2f335115d76072134bfcf82e098f98b5e38b48e

SHA256
5fc5bed24d05ba24d00350ddb2f9a44bc232b0756fce68becca1e6145ea16fc3

SHA512
778b910d03c5e7a00f2772d7d3efb4df52e261014701810891bdd5d48c20be399c7d2633e40a1e68bd8555fd6733455e5a619979b27a94504737aac12f41b670

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d1498ec7e351abbf89e48995e7590e65

SHA1
ab03e7a32627ddf3228712be78e849594779a9d1

SHA256
2ddac842dbc3c9facded10455f3d58e8de9727a073468a496df0a458327f77f4

SHA512
d2d1f9bc216f0090b3f790e81865579099e6769563667641539701c1127ba49157b729c22ffe807523e48b73fcee4bf97cab1f460aba76947a5992a3e5e4ad37

Download Submit
memory/3052-0-0x0000000002A90000-0x0000000002B06000-memory.dmp

Filesize
472KB

Download