d0013cade7ee4d082015a59211d1afc92049693c3fc82db079d77ce20e83356a

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b476a49394f9d99fd788982111f74a70N.pdf
Size

757KB
MD5

b476a49394f9d99fd788982111f74a70
SHA1

96465ad8907c8f1f64ba3c788d4502b12047ab9a
SHA256

d0013cade7ee4d082015a59211d1afc92049693c3fc82db079d77ce20e83356a
SHA512

133368e256d46cdeee43b5b35c9afe0cc3a69a27659680585698d61b2116fb01758b9c56a5ed9f14dd6c6eecba2541b420a12bf2fdeb24698a3d62925eb41526
SSDEEP

12288:Xi/7+OB7CL2odbl/+QFJIOlCJntAQbE+vgpuenfDb0yDLSngd0CqC/n9nSpjo:e7tBENdFDHlOt55Ip9fLUzAnEpk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2480	AcroRd32.exe
2480	AcroRd32.exe
2480	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b476a49394f9d99fd788982111f74a70N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b49d8c0942b25d21bf3303f7dcd37896

SHA1
d38160dfe3899f2120bf4b9469deb67c92fdebc5

SHA256
24230d8591ea5b918f384f989f0e0451d221d7ed7a19ad265fd00e832c84874c

SHA512
6bb4f87c818951cd837b04d7eec87af95b75b49621e2861816b8886f3dad624932b18dc1d7a4add65145e5d368df7c91798c1c473e2853525deaeddcf443b841

Download Submit