fcf62a9adec286a63e778d99f035c67a3cba47ef4eb76a89879b21fd5d1e99df

Analysis

max time kernel
96s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20243336593627.pdf
Size

415KB
MD5

7a369f23824141ce4278f63debdbaf2c
SHA1

757af58b6769d6960738f083965a017b581830ca
SHA256

209905bb0c61707b0c642d127d733b055d380af7869d5b57be45a6bde8c8d17e
SHA512

fe2e88291730dd24e2db064e46137f3e9235390e64df10a2c59d7c46ed226dbc8e3d4f9c79feb9b5acfefabdff4bfb1420a7054222d87742d6f68f91725479c8
SSDEEP

12288:FNIKDrCT2SAC5QctjaK7SHt35N1Br1dLT0:TIYm2CP1aJnrpLg

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2320	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2320	AcroRd32.exe
2320	AcroRd32.exe
2320	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\20243336593627.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
77ea392a4e448ecee44cafa6085e210b

SHA1
cde37e3eedcdecaeaf0cd9dbed29d294a86fd89c

SHA256
b9bb5569a9509f2e8270c75821bbff966e1c85695b0378dd32550b45a754fbb9

SHA512
5f3b05f4ff587eece7c4baf9fe68f24abd89f29c1cc5af178c9f3e6e9d4d249ff70d2a6f5754164b82068c724dd343cf6ab22bf3feab3a649b9b425666c090fe

Download Submit