070a545c8e1bc005cdc7ad082c991892e5c0be3eda72e8933e45bd22228309d0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57c33bd517f46b8ff2bc6dfe782948b6a67c8a0fceea8207eafc5fe7607097b.pdf
Size

80KB
MD5

377388a70f3214bd3f8b2b019f7eee8f
SHA1

269cb8bb36079fe0852ee0b48eed7616178a61f0
SHA256

b57c33bd517f46b8ff2bc6dfe782948b6a67c8a0fceea8207eafc5fe7607097b
SHA512

232521112044b289dded4be7c06b1401820f6811766643a2b0693d26a8109a472261a6bb0a46e787dfcd3a01adda9f9b40e8241c0bc11c94b7d0813f91eb553d
SSDEEP

1536:v1MPGjVtqX2m/IJMkCKXjBjsFG+4YXanm7QoWjKYwSDWxApOGL3S/Ziqh5:NUDXfIShKzBjs8+zggamSM3Gehb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2784	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2784	AcroRd32.exe
2784	AcroRd32.exe
2784	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b57c33bd517f46b8ff2bc6dfe782948b6a67c8a0fceea8207eafc5fe7607097b.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
5918300f7767e73962cebdc392b30e68

SHA1
f792b60afc21000515a9e507569f4f3b4228a7ff

SHA256
ac9403090ea8177dc29ab47d1ad98dd43279b68a70fc113659419b02591014ce

SHA512
957563163ef862c3c73914a7e5775f2d501d4fc83f56227c7d1c396b27916928a9310cccf6d017b1561e10e10c497046991a22b97f4d95123322b2efe05cf380

Download Submit