59beea4c3d7fb8cd29aa75c5fd561e127bf4462f3b3d07ca31a6f347362f1c36

Analysis

max time kernel
1216s
max time network
1217s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Документ-2024-08-03-17-05-19.pdf
Size

137KB
MD5

f8be537fe1f5b495bc7f1210b3163948
SHA1

24dbdd0b0ca2d301365dc937a371f6e1ca9a1eb6
SHA256

59beea4c3d7fb8cd29aa75c5fd561e127bf4462f3b3d07ca31a6f347362f1c36
SHA512

53de8a90eb5b11ed0636187754a47bbcc6a2851cce6544fabd44727a497c54498c733d30ed91ecc2fbe3c47ff8dae71fa2711251162ae750173cb91cf777b4be
SSDEEP

3072:UuN5enFqp9pWboa9+Gpddg1Lrk4uegKo4KXMWzSgBFh1yd6wE:UVnvbLvsEHegKQSgBD1PwE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1636	AcroRd32.exe
1636	AcroRd32.exe
1636	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Документ-2024-08-03-17-05-19.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f3f2393ac7967a4510e53e9b097bc768

SHA1
776237f4b699d543585405e15dfd435b82f50795

SHA256
0559951991f381a147b261e83b0744ae9ab695bf47915b6456452af607e1aded

SHA512
ba2a910521605ad0142af3459ae797cee9ccfbc2994dd815291cd0fc98e99c6907ae1ffbc27ee4904c93a961318eb881eeec1b630efd62010e1f73b46958d960

Download Submit