c85cf5ba815eb60ed147b20e2aabab0274028306e44e93ea7670c5b212ec95f5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59e97d99c9f017945fe801b42222d500N.pdf
Size

35KB
MD5

59e97d99c9f017945fe801b42222d500
SHA1

5724ba24cd3e70616770ce78e147ab1d6829e28d
SHA256

c85cf5ba815eb60ed147b20e2aabab0274028306e44e93ea7670c5b212ec95f5
SHA512

5d00628563a52b662835a336df1b10cb1a580dd2485af8d6f1421224b1fd99938322f66f97bc2002eecafa2ba417248f4adae62d39312e60e5641e31658b1882
SSDEEP

768:CgGzpD97eJQ8PyuCk5R0zppjvLzpCGz2vFyw0UMksgW:fGFJ7GItBvLtevFyw0UMksgW

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1868	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1868	AcroRd32.exe
1868	AcroRd32.exe
1868	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\59e97d99c9f017945fe801b42222d500N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
78461e0940c09af4d8113a733b98a0c7

SHA1
7d910e42407a694769a77f87a40c691655f841ba

SHA256
71820dd0a39d95b6cf35616c8575c7456ba04087459d9182dffa35e040efe965

SHA512
7188d342ae92ba8d9b8e0cc805b96e30a65fef74c18272164c9ff792d864c7a310bfe6e4f8fd6dd353e0b47d7f889cee7870112e1dee5e2e7378035a0013e2d1

Download Submit