45a4d2eb84689604fb00533ab58b86a7135fe59d793fb8de5c9148b5a22b9ba0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2f402bd75e19edb6ebdba6f0169f140N.pdf
Size

77KB
MD5

f2f402bd75e19edb6ebdba6f0169f140
SHA1

971f4c2e97ebc88cb41a2f57981851801fa23cae
SHA256

45a4d2eb84689604fb00533ab58b86a7135fe59d793fb8de5c9148b5a22b9ba0
SHA512

96398ca9b65fac136a492e40e34e701f48547a801c1f4b94d27389b2d0bd0b146e0eb8d233e8144d0ac881e5ea5e1681d89af541e99ff97f53ebb42786e27955
SSDEEP

1536:XdqGVLo8t4ROtfLm9TnOXCgDF2222WDD+iEFG:XdqGVktAtyOyusX+iEs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2688	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2688	AcroRd32.exe
2688	AcroRd32.exe
2688	AcroRd32.exe
2688	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f2f402bd75e19edb6ebdba6f0169f140N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
5c1eb84996853be9b0d2c9a369391056

SHA1
45ccd60be74b6fcb7b71e861c94474510a2224bc

SHA256
0ecd5fe7906e989da8a6d7cefbeb68cd2ac2f9cc5bd1043ccf0c97dde15a054c

SHA512
b5e3540513e781bdc214ae6da7d9bcc7844d40645c66d2f39a7a380cbc0374761df6b0a9ab49411feff3948a1d7cbd210556aa9c40dd3888cc17558823e5c16b

Download Submit