2f81ec4440dda5e6ba692816360065d5319d3d672d8ff9510f5dd0bdbea5b10f

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 20:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f81ec4440dda5e6ba692816360065d5319d3d672d8ff9510f5dd0bdbea5b10f.pdf
Size

144KB
MD5

60122617963ecbc92a5c83f319cce2cd
SHA1

8aec96bb3549372f6ebaf56702cfab0e08a8ddd1
SHA256

2f81ec4440dda5e6ba692816360065d5319d3d672d8ff9510f5dd0bdbea5b10f
SHA512

02b754941c159334ead6ecb0b14f829b1063ee697250dc74061cb8fdee90417c602333c01d17f96046328ec89a4e72a68dbb956604fba3b0cc37c3900ce4b34c
SSDEEP

3072:72k2oi56CLq0bahjnvBmH7mJjZmfRkQ+oYDIOd/WiSHivqAUVb9ANo:72UXsKjnvB+mif+noYDIOd/WipC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2260	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2260	AcroRd32.exe
2260	AcroRd32.exe
2260	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2f81ec4440dda5e6ba692816360065d5319d3d672d8ff9510f5dd0bdbea5b10f.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cb088e05e39db947ca6472642ed392af

SHA1
775616f801f0084ed00dd8f7a2fc269fde4a53ca

SHA256
15621d49818db3b6f72abc9b8e98623f9edb0bf5cbda301d12d300b297f9b122

SHA512
6349effb78a76f488a6609de9689eb41e0cc2f465a7daaa6669faa17901cefd5806278cc1e699986c2eda499bc264ca386db9a732a037fad2f41e038dfce8340

Download Submit