5e7dba82cbcbc60d649e9ec35cb529b54608cd0c99773cf4ab10b691ecb44036

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23fc231f09c45b71fbce294cd48d0f6b2590ed032ada0792f2419e7c7af7d95d.pdf
Size

85KB
MD5

f6d79c432e8c0787451df4e807c2bf77
SHA1

c7a384f359bf35fdaa4f6fa87176e967d342315c
SHA256

23fc231f09c45b71fbce294cd48d0f6b2590ed032ada0792f2419e7c7af7d95d
SHA512

82f1a120f4720ae3ab3902f5d9651505c6f66d0908d8664c8ea20a8d27ad0e0a37961d9fa1dc5b1740aace23cfabdeca32c82f3d4f98fbb2a9168bf96ed1c062
SSDEEP

1536:VfSkf3ZSewQ06XhhzAvXuxh/pvJsR4pJcL/OdxmOgyWGnHVM8PRWepOicXna:pSC30ewj6XhhzAv+xhxvJTv+mqc1duiz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
712	AcroRd32.exe
712	AcroRd32.exe
712	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\23fc231f09c45b71fbce294cd48d0f6b2590ed032ada0792f2419e7c7af7d95d.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
6ce61adbf869de04ed84507cbda7da4d

SHA1
e53206a5a7b9205542457706329f6f9ae521b47d

SHA256
8d030b6260b9a8467f2409df91f03fface6d81c403d647d1eb1f0d2dca84ee7a

SHA512
52a772377a6bb424b8b81148287912089d2ee71ecd1300ca0a3da4aac18b9bfc815808866a339a2bb8000b13332c3e02092b866e6522a9f4530b8c7a3b41c279

Download Submit