ba17a4474b10a7cb4de9c008cca74340812f96f0be47084e5b54bd6fdd2f33a3

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1af6686771140c6ff0c6d7a76d0d9260N.pdf
Size

8.2MB
MD5

1af6686771140c6ff0c6d7a76d0d9260
SHA1

1c381705844abf28960d7a910d71f48328cf2df3
SHA256

ba17a4474b10a7cb4de9c008cca74340812f96f0be47084e5b54bd6fdd2f33a3
SHA512

aebbcb8edf922e46622fe59bfd2963d85c93b8947455b4567a4007b88a69a5d4e0712a07eea68e1f502ba8599757dfa030726f58141bdee58966f989223e9db1
SSDEEP

196608:MwCGwvVr11ix3PQd2jQZ+l5pBhx93qHm3HHdmubtLO8qq9GZa:MbGwvVRgx3Pq2g+3pBJ3qHyddk8ga

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2120	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1af6686771140c6ff0c6d7a76d0d9260N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
4fd6f95516739398f0b56b91cee680bd

SHA1
aa285a2904c0f164b26e1009f1ce490c3cc5f636

SHA256
473b6ccbf60dfdbdb7fcc0cd258a2636db9084f9093d683d68015069e99695e0

SHA512
e3ec832ac09aedfa3104885d8e65084f56ac520f29d806da1c1700f3b1e5fb707016a44bf53953d13c909ce48f5e8d9c955ee2679b68ec326bb1feeb7adeb390

Download Submit