5f8d1a1b669341ab83bbf35273e6b387c6d62481ca7aa49d5bbdbbfcd5fa9daf

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab644b3ce0b0d3746236b8d21e2a6860N.pdf
Size

8.2MB
MD5

ab644b3ce0b0d3746236b8d21e2a6860
SHA1

b9882538d705d95abf711106ee71f08f958006d7
SHA256

5f8d1a1b669341ab83bbf35273e6b387c6d62481ca7aa49d5bbdbbfcd5fa9daf
SHA512

285595058948dae06fa67f1cd23fdfbf8fb2d5b2e9c8be566807daf48c8204e3a9e32bc13377a5554443df299b501691d98f4f4800c28dc8f6772db37673226d
SSDEEP

196608:GZN5y7UdDniRCY2qglCx3sGJUuuAY2iuUjYnWYIQ:GZvTdDKR2qgPFAY2ojl0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2980	AcroRd32.exe
2980	AcroRd32.exe
2980	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ab644b3ce0b0d3746236b8d21e2a6860N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ca20ae23ab4364369319750fac7c2c19

SHA1
a3ad34351a81cf0ca1f713f9d8433f60ef469edd

SHA256
6edab4be0d2f5c144871740cdc5e614f074229cf95ab96227194c7ae1b8898c8

SHA512
de2ca2b78aec549f4059ed251f51bf9892ac5082f2bf921b61f90dd72c3efb3e59fe3b35481fa743c1124af18c4607385aa62edde88a02c92dd46737f228d717

Download Submit