9653a41d53946ebf85616b64e7ba266441673b3b4109e4f6bf8bd36ac0d2fa93

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea11034411cf22cc57d055cd7d94eec0N.pdf
Size

1.3MB
MD5

ea11034411cf22cc57d055cd7d94eec0
SHA1

e415562f9e4a842d5d12ec949d481dc5cbefe15d
SHA256

9653a41d53946ebf85616b64e7ba266441673b3b4109e4f6bf8bd36ac0d2fa93
SHA512

a94289c0aa0c3571440d06cbc2f9009f04ecc488431151312d12a5c8da1e325f3b03d8e22b7e9f86fa61d8322b73ffcd4eeaafc28f6ba1832bc497bfb8544e92
SSDEEP

24576:PIo9EWV4jKOx965UL2SKCQNP/FSOCaIEv/:PIo9EWQb9xL27CQNP/FIg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2228	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2228	AcroRd32.exe
2228	AcroRd32.exe
2228	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea11034411cf22cc57d055cd7d94eec0N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cf6c6bebff621efbbda470cef1d11de7

SHA1
71dd0472be6bbe7e2822f61aa9f4c7080c3afa7e

SHA256
3544e9614b8ff4ef900610b6ae7e3e2a7a5b6d0be2a310e9a00c4beb5ee78a09

SHA512
bd624fc3c35b5a87b0e7d396772dd75daef7c5c94ea5b9642e73a2425ed4ad14f518a806a9704925c67f8d4c00c1c146f7c39e15ee1a19bf54c942fd644ab33f

Download Submit