09674d0705b335ffa75666d6576aa0b03966f272a59867321e3b1e5f86ef04f9

Analysis

max time kernel
96s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff63f85e6694299e63f736dab94aa540N.pdf
Size

138KB
MD5

ff63f85e6694299e63f736dab94aa540
SHA1

0b84075d050aea2a1cbf02afb72db93975013b5d
SHA256

09674d0705b335ffa75666d6576aa0b03966f272a59867321e3b1e5f86ef04f9
SHA512

e92066072e02b93f612a7ab3ac5fed1b68e42edfcfea98117e3ca0c7303d605f36ff3af900b5f352fb1654df256ca146a1272d41c6aed91a70db9023ce7b361e
SSDEEP

3072:fRjm9i56CLq0yahjnvBmH7m51jZmfpQ+o2YHyND:fmXBKjnvB+mcfpno52D

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1624	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1624	AcroRd32.exe
1624	AcroRd32.exe
1624	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ff63f85e6694299e63f736dab94aa540N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ce1b20ae4ac0ebfaafb068bf8e0fd91e

SHA1
1bc727654f0b90b10e50861b307c7abd6c434aef

SHA256
7d471b532e7fd3068454d6e306cd0fe49eaf25a7fcb81be74c3f5417a6506f98

SHA512
6f6e632a900afae2120bfcd7acb8a7d44411c014c2f7d07e4ff7fd2d8416081cb0306625a9ee55ad56ce2ef4fe87bf14ed20f50be4f0dc4e331d8b0880df1207

Download Submit