6f050c7c0d80e2f2eb1a936ccc16303786060a0a08ce74280a3a3acf973d5770

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

998312542866628c02f73aa4dd80ca50N.pdf
Size

55KB
MD5

998312542866628c02f73aa4dd80ca50
SHA1

fe540a59933c9efab3a5ea00672bc3af69127360
SHA256

6f050c7c0d80e2f2eb1a936ccc16303786060a0a08ce74280a3a3acf973d5770
SHA512

f298577ff7c6fe0e614a796b345aba1f9e3d2e1f94a8bcc05e29ff1a283729436a9abeb0419f539e0068e5f103edbb7f0c5c83bdee9e8bcc5a8c603dc28127b0
SSDEEP

1536:XzIW1dMV+foY5aZjz7kwAWXas0oTd3D5G:MWHMky37kuXacBT5G

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2220	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2220	AcroRd32.exe
2220	AcroRd32.exe
2220	AcroRd32.exe
2220	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\998312542866628c02f73aa4dd80ca50N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cff4982bfd24a978e1704552855c8399

SHA1
b1175aff6308c1c078331a7763fc6e1e30408b4e

SHA256
42243c17c6c21942c501bf42b3035205b48b822e296ea3b999bee169837a94f4

SHA512
5125636171d9305940d1db851425415345c5831c181d079975192aee904f8d2ffe4ebedb16f7ff77b3a63aad3efcaefefd7ffc98923a921b411573342e187473

Download Submit