1d763457ce25ea3b9d730b9aab31271dfbb9f878147c4cdf56998b43ecb5af5f

Analysis

max time kernel
95s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 14:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

18b61c245728f117dfcc40abacd9c590N.pdf
Size

1012KB
MD5

18b61c245728f117dfcc40abacd9c590
SHA1

610eb82da40bcd26902db03a71c157036e85724a
SHA256

1d763457ce25ea3b9d730b9aab31271dfbb9f878147c4cdf56998b43ecb5af5f
SHA512

347597f8efff3f5b6c554c6d41df87826a60b37bf655d1381d210ba7c75410685ce6c3229620ca1102a9125b68e0661c2bbcc39028e3a458055685c121aaa8fd
SSDEEP

24576:MkcEadAb/DD0TDLsWWrahX/NsAMbpIWb3TwxmoNYF:MkcEaqbb0DIWWCX/Nsxbp/b3Tw9YF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2104	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2104	AcroRd32.exe
2104	AcroRd32.exe
2104	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\18b61c245728f117dfcc40abacd9c590N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c85b3fce01eb78f9fb391ab0b8acc236

SHA1
eba2eed5ed1d0d1d121f07b13304774a53c84b73

SHA256
403044599ca2e2328b3081b1b2ef5a2dc907a86d9ef12816c22bb4ac9ebc75dd

SHA512
11b9e70c21a6f9bdaa29a7902359e7a6c50dedf32474ececc28d6980767097ba9759e0136f66cd94a8c12fcb34cf9650a3b550f7320ffc1db4c65cd6d2c04124

Download Submit
memory/2104-0-0x0000000002CB0000-0x0000000002D26000-memory.dmp

Filesize
472KB

Download