15d46cfb5eaeef205006165573fe3287d319c0658f8ec451bd6b2594487392ef

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1b265a5b429683354f70b6b88aab340N.pdf
Size

20KB
MD5

f1b265a5b429683354f70b6b88aab340
SHA1

2d2236dcb4b7d84468e76ef45ab8b6d985ae9396
SHA256

15d46cfb5eaeef205006165573fe3287d319c0658f8ec451bd6b2594487392ef
SHA512

c96e36b61c057ce360f6baa2a18995a0e445ae4dded41738eb6a73eea00ad578e34f4fb5d2f0e121356d6140de72e9411932c8da4a7476c776611ec1bf25215f
SSDEEP

384:AW81FG6rYl/gNhY0NmXtBILWIM50+TakFAYynvdEWAo9:hGk+6gNtowK0+24AnWWp9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2112	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2112	AcroRd32.exe
2112	AcroRd32.exe
2112	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f1b265a5b429683354f70b6b88aab340N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c40d5bb211d20fab2bdf54ef8149b3aa

SHA1
3db6e95c9ca17d008523a98598688f90d8f37a54

SHA256
bb8a9adbec19d7faca7e5827d9a0949abdbd0a744feee6bda1439a4cd982cef4

SHA512
82628abc8ad713f7db071c0ffdf00bf872a131e5a41b765788e8f41751bb686519a581ccda429ce59870c728321862a06d3fe3edce8b3434ecba088724361f45

Download Submit