05e5fd79a381a3fbecfab326d6513d995e55cc4b4c0754183aa10cb1c953672b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d3947bb530dfb3ec1245a7d02dba30d8bca87a72da152c396c632aaa87945aa.pdf
Size

46KB
MD5

4c5f9cf7a269c872a9c05e20582ef483
SHA1

0f29961a8f90a9d9586f5287a1d578a5271de908
SHA256

8d3947bb530dfb3ec1245a7d02dba30d8bca87a72da152c396c632aaa87945aa
SHA512

372d46f02a1b1bf57b84ad2fbf834aedbcaf0434bbf7cf5ced71514d29fdc8d424be186006b95e385ee5969b35fca394b778f6c49c4ef4c252a5fe520c05bc43
SSDEEP

768:6OdmNT/wuEvyK6gb7IN+8Ve2aYKK5FMWacpRVKmgHvgX0rwzJQfq4sO:+NU/b7INVJEWasQvgX0MdQfq4sO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2120	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8d3947bb530dfb3ec1245a7d02dba30d8bca87a72da152c396c632aaa87945aa.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
240a51bb6f1c083aecfa9dd4fd8da6a2

SHA1
aa60943f89d725baff6e53775d1bbc4207aeb16f

SHA256
4f60d505b2f79362950d447fd2d0216786beece169b3497fdf349ec886fc541d

SHA512
e44b45def13f4126e75f0b8192680dfef6a6d22f8cd85060d0dc59789e7c4b3078b8c30f662f53d3e8a42c19d0aa94876fa5014a8dc02035f0cd07f12d2d80e7

Download Submit