94b19c13a37ca59ad4155a85dae887f0716b83cfa45d3c16c2abef97789ed95e

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5972a291d03a3f9d59da3ac41da6f07de68f3ee58b441de1afa65f6237e6a55e.pdf
Size

72KB
MD5

118bca13143c628abd022786af5e4b9e
SHA1

a128fa6b70425812013c22c6897c0e584e79cd4b
SHA256

5972a291d03a3f9d59da3ac41da6f07de68f3ee58b441de1afa65f6237e6a55e
SHA512

e5ea0c469c054dc5b13b9b72666f2153e660a3f1d2ba92f86ae218eb84269a14356ef99a5f1d4452a584efb59cf73f3022384b0b30e6f14c46d49cf50b7bf7ef
SSDEEP

1536:sdL4/JtaZ9rfO7ZZxhLOjwC9JWsk0WapOtQWdLkW2Ag5EQjBrM1u:B/DaDOXxhLWw48nVtQWdLKAg5EQtT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3052	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5972a291d03a3f9d59da3ac41da6f07de68f3ee58b441de1afa65f6237e6a55e.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d2347ea39abddece2b660ac456063c87

SHA1
3d5786a342fc30e381757f61f20b072f466b6753

SHA256
3f4c6f6f93ba5f2be992ad31c9f0d1b9874aeb603f8500e79c747b7e1628abf1

SHA512
b5e1401200f671edd83913435de597272189b81434cfcbf8c2bae45b86761f13f7e757bdad6d2374e28219f2d3fd55d8b47189525211182a9ff25c0a94734899

Download Submit