1424cecb12eedf4abb4bde55bf907f3ebb791a83ce2965e509fce5c9d0e37da1

Analysis

max time kernel
97s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa3ecae3a39b7d974231dd5ef48552d0N.pdf
Size

1.1MB
MD5

aa3ecae3a39b7d974231dd5ef48552d0
SHA1

3a8c0d644b64ee237ed3dc6e9bb1db4ae4b64334
SHA256

1424cecb12eedf4abb4bde55bf907f3ebb791a83ce2965e509fce5c9d0e37da1
SHA512

cf6a327f6a788fd1e8f545b4ee55fd910471172a63ae0248a5a2d9b2aac34c2eb07b5b634092249d7d17a8a538f80da4f71ed3a1adf620a4bd42b3cd206ba9f1
SSDEEP

12288:KeMwTswSE2BnWhpLRxUnd9AJGuO81QAT1vt:TMJwSEVrKkdWS1F

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1872	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\aa3ecae3a39b7d974231dd5ef48552d0N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a97a9a80972ae4c7cffeb86346b92596

SHA1
107c03e40535164d14f67aa937c118867afae2ad

SHA256
1c3aa97265f7d673b801d4e5f8b5b52230b61008dba851f187a5164f39d18906

SHA512
14630259aeab92eddf5a2293caff594738dd1117feb0a975e137262d94742b82b401b0c1c57e277961fe369b832177a0f1f32d31d36ecba2f6637146ebea42f8

Download Submit
memory/1872-0-0x00000000037E0000-0x0000000003856000-memory.dmp

Filesize
472KB

Download