f1effefc1e34bfd35461e6a763ec224d29e10e204635ae7e13cbadebc5041bed

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

584c794b4caccc80ec11d1ca71f7b9b38071e7cb6d13be23ed0a36380e7eb778.pdf
Size

34KB
MD5

d7fbbf1729cfd219cfa5115320f31482
SHA1

35d08b81bdf39b4bd40562ddac570b59612c03ae
SHA256

584c794b4caccc80ec11d1ca71f7b9b38071e7cb6d13be23ed0a36380e7eb778
SHA512

70ce03cdd021d40ae203e805bd44f55497a524ea7f041a28fd9d10e3769060560f3c5d29ffd6ef12643903d518b198183cfc1fadacdf90256702c6cbc6c590c6
SSDEEP

768:O55AaybusXyQi9VWq7vCpOZcIwxdojHTaWq2:05XZ6pOZcIsdMTaWq2

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2296	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2296	AcroRd32.exe
2296	AcroRd32.exe
2296	AcroRd32.exe
2296	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\584c794b4caccc80ec11d1ca71f7b9b38071e7cb6d13be23ed0a36380e7eb778.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
abfb74c59bec46e9789b182172b85fbd

SHA1
70aac7f464c30f1d3a9b29d42cc63d294bc03c1c

SHA256
07e86a5f822592eb154da1c791ef780ba39c9b82dc0cfab7dde31c53a191154e

SHA512
160782506065a1f3a1016f9c76bcdd959bc7347e9f5fd9f2df107a2f85147636dbec13dbd7140c291f0dc367e27d4165d45272b0924a64c90cb2be1e89acb0ea

Download Submit