01e689be77bfd63cd21d6122e05bfeafcc2e38428967f7bffd2723aa55ba5532

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01e689be77bfd63cd21d6122e05bfeafcc2e38428967f7bffd2723aa55ba5532.pdf
Size

141KB
MD5

0c81fe07b3558cb109a8b4b3221431bc
SHA1

e9a457f97b7c0d0a539f00566d1a377585271191
SHA256

01e689be77bfd63cd21d6122e05bfeafcc2e38428967f7bffd2723aa55ba5532
SHA512

77dac4c50018756d7ede9574dbb4536bdd63e7220ccf0975b75246e098eb8451cac3976464ea1e633052a81dc54a2e7f47bcb6ad4de7d047d0f54074385fb183
SSDEEP

3072:Lxrvci56CLq0yahjnvBmH7m51jZmfpQ+o/KVclNd:h0XBKjnvB+mcfpnousb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2280	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2280	AcroRd32.exe
2280	AcroRd32.exe
2280	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\01e689be77bfd63cd21d6122e05bfeafcc2e38428967f7bffd2723aa55ba5532.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b1b92ad7f51c0c124e2476c6e27ceff3

SHA1
d6b8c3eb6a38ffd2e44542e1548ed8dca11af2af

SHA256
58af84d826d2972ddbe5952bfc06e63ba2a8c47c217b6a0add25df116ea88e24

SHA512
bdf49ec07cfca3f74a6f76c3f221ea9839fd9140752bee2d1d42a2e6169a820f1531babdbd36e7f1786f3090b44e28d9b45505d10215b50e688abeefd0bde844

Download Submit