b1005933a8bcf2015214db79fbdb9feaa703591ecfb013be4d71921c9d320b87

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56d1958bcb4635e234178d4ae525c430N.pdf
Size

53KB
MD5

56d1958bcb4635e234178d4ae525c430
SHA1

a0425f655168110b2a1245893647549fe4a24d2a
SHA256

b1005933a8bcf2015214db79fbdb9feaa703591ecfb013be4d71921c9d320b87
SHA512

ebcaaf82596a556beb97473b496bbab3ec1667e2888457ee0a046513abf1b61fe0cc4505d3066476cf83281d9eccb3f81914beb12580e4331d4f07b79774501a
SSDEEP

768:CuzdNIggou41dMV+foYlP13UhC4UgM/r/mH9GBqaAue+9mb+BIpyH8XBX/n:9zIW1dMV+foY5/9gMLAT9uj9mb+PiN/n

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1592	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1592	AcroRd32.exe
1592	AcroRd32.exe
1592	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\56d1958bcb4635e234178d4ae525c430N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
074299c36c237de9076bfe11c0ac0232

SHA1
66fcea6f0f1bab79b8ebb59b305b005e44102a79

SHA256
565fdc8b7afcb17a53380e87250ee8b119d141bd1ceaa18f964c5087e9e5c91c

SHA512
85607fe82447bcfebb493ee90ea529dad5b46424dc5c8d74f49279b4a401ef7c178b3c5e95c97d760215eef9354e1e93a05e67b098c6a542d12b0bda8cbb7e9c

Download Submit