93f8ca1e747838065696c1552ff16811075c90d37b0f38851417f9e9ac77470f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-09-2024 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b5fd81e5259c5a529d0ea5a6ba7a52a3d31ba2ca6a973835530e6dd2b23ea2b.pdf
Size

90KB
MD5

c3da706618727389cda6fbc792e4e4b9
SHA1

d150f3da5d012ac6f6d636a766a90d051f30f9e1
SHA256

7b5fd81e5259c5a529d0ea5a6ba7a52a3d31ba2ca6a973835530e6dd2b23ea2b
SHA512

db130d1597fddc4a97f184a02cc496f0b8e87b38839ab366f6091d494ffd7a1b6564161e1b8fcacd16f95a6219bf94c4cace189cf98ddf96e4c87af3abb32051
SSDEEP

1536:vknsCP8aUZL3w5FKYocXZWN+9Nc0NEn31Bij2RH6J9hWIipmY34FnykoDWxApOGX:cs28hL3g0+ePiEn3Pij2RHc1i97RM3GX

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
996	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
996	AcroRd32.exe
996	AcroRd32.exe
996	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7b5fd81e5259c5a529d0ea5a6ba7a52a3d31ba2ca6a973835530e6dd2b23ea2b.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
64ba64e66d8face426c64a90885322d8

SHA1
e88ab88b04fada75f66c1d66a2182f509cd8ba0c

SHA256
dfe28460570573c11d528cd9874fda871fbaf371a021a981cc7ab60c786fa6b5

SHA512
7665791ded3b9e987fda9632a0c7d7c1669ae4d5d84afcafdd373fd446af7d93f019c0fea3c0130dca4bc6dc9a7f1b7b5aab78da6009051f73f8630635d10570

Download Submit