5676127602c7d95fa65ff7a7e6616387d774461d84db4a5906abc031b1354202

Analysis

max time kernel
94s
max time network
20s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a29a238fe5487dd963357fd722ee4ddc465ca1b808f59e070bcf1040cddac02a.pdf
Size

77KB
MD5

7af1941d8caea211b11d79454a42b40a
SHA1

35a0c3733aaef030ddf1fe0ad584982552c8f40c
SHA256

a29a238fe5487dd963357fd722ee4ddc465ca1b808f59e070bcf1040cddac02a
SHA512

7235f1d3af55676de6b7e6ea1a8c734cf73daccdd598e03ad3f845cb08d1c2b65dcd8b3853d8f2ed748dba720ba2544ab6cb71d7709da9d0ebd7440feedea4d4
SSDEEP

1536:ajiQ1ySwB+O0SL3/0aCilCoDZNLIduWEcPyBgb6JGboRW8pO7Tv2T:gt1JwBZSilCQNLZcKBgb6JyoI7+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2508	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2508	AcroRd32.exe
2508	AcroRd32.exe
2508	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a29a238fe5487dd963357fd722ee4ddc465ca1b808f59e070bcf1040cddac02a.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c25d323ac1918581eaea6b041507af9d

SHA1
1168d5ae17b8d51f9af07e528a2f2a44f1961162

SHA256
39a6b39c9afc1f64cd40718021d72447d405d754010eab66fa9e00aaaf4d488c

SHA512
620b126cecaa5cd8f2e7e843f711f6a48455bd70496bffbca913d58029969bd7f17f3542acecc109e9b606a8be979bd6b5d7e5fe938f3dc0693620cd1d869671

Download Submit