5e137040b49f6172c5a7a3d85c0bbb9e1c89ecd50b10b3f697d5ef2d94cc009f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2af32afda2903350b4117810fdb16b0a72b72595a0c7af051bf5556fca1848a.pdf
Size

85KB
MD5

2674746af860c36b346b1c676df26d63
SHA1

12a45682e31157a47951cab7795c98ceff5ba725
SHA256

a2af32afda2903350b4117810fdb16b0a72b72595a0c7af051bf5556fca1848a
SHA512

2d0f1e8a23a65b5f0d66a2b5bd5d75510de033d525cd9732a77f5cca7f8b3964f8557a46f967ffe87b9f62f108dd038d12ac7cc49d7c826225cacf6b2ff4c93e
SSDEEP

1536:/13AA/Im3BdTpQ0kCVsQUVRpNDmuJeHXK5W4kU8TTdWxApOGJFhkI:tj/ImRThkCmpVRpNDmuJe6v8na3GLt

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2860	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2860	AcroRd32.exe
2860	AcroRd32.exe
2860	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a2af32afda2903350b4117810fdb16b0a72b72595a0c7af051bf5556fca1848a.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a44e8be370cdf9a342c774b05294be7e

SHA1
0094a852a66b3723b5b490c4277ebdbe9de5292e

SHA256
d0254195bbd8f6a62e2f2e7d9c0f4324c1de3b610b697f58a03b1924899d0911

SHA512
c0eaaa0bd5add10fd1209348f5fbf8a585e70ff25937745c9d6796056ff6f792eb6cc319e79a3a9172922f73d9b237086327f2cfe5bab80d2e22d3fd5bc637af

Download Submit