ea664194ec2d37f6995c167b338bca4ca82326bca2508466c368b9559e2a1a65

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 17:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e5e67c2335e8522847261b3d8208cb00N.pdf
Size

147KB
MD5

e5e67c2335e8522847261b3d8208cb00
SHA1

ae0b48690cab64246bc9dd13bd9524358dfc816f
SHA256

ea664194ec2d37f6995c167b338bca4ca82326bca2508466c368b9559e2a1a65
SHA512

4dd8cb8c604cb68efd0ccbd198b62ba29f2a28311c291658f79c2d8a1df62127acc5a105955000e71878a797610d10e384757bd2cd48f78ee073d9b0be832734
SSDEEP

3072:kmC5xi56CLq0mahjnvBmH7mBjZmfdQ+oHgVA:j2xXNKjnvB+mqfdnoHgO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2252	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2252	AcroRd32.exe
2252	AcroRd32.exe
2252	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e5e67c2335e8522847261b3d8208cb00N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
41e6210643ed1591e9ab148387e3332c

SHA1
1d42db59c31abc8f05db3822ff672b3d2617c8ce

SHA256
60abf208d3756bc1b5d4a2be49ec83d025f116ed7eb85949ee166593124174b0

SHA512
a5e421530c3ee3f7315fd888d3bfee53d99735199ff96abf6549365bba5f8d1ab7ef32e29326930e7018a5e94e9b6a3bbadc9aa86bd4f00790422f101d1b2656

Download Submit