c83b4f2a87c50889a8c475f539d9866a16a747d1eae44c4f59c8b359ecbc38f4

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 04:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

970d0972d8fa13ff1942eefc6eff8b90N.pdf
Size

55KB
MD5

970d0972d8fa13ff1942eefc6eff8b90
SHA1

3bdec95120cfe708e42637c37822b640c237fb53
SHA256

c83b4f2a87c50889a8c475f539d9866a16a747d1eae44c4f59c8b359ecbc38f4
SHA512

bc280725ed5d9c04843fdb6e6093d41401452a43bc259cfa1948901d174c42b7a665f716d11b26895700a34519df8513ccb9bd096dfb36f7d103a3cbb27133c7
SSDEEP

1536:wzIW1dMV+foY5uqTvCsO6BNisTRYlOTa3:5WHMkIuvL9ksTRYkG3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2468	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2468	AcroRd32.exe
2468	AcroRd32.exe
2468	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\970d0972d8fa13ff1942eefc6eff8b90N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
572efbc90303124e91f62064409def77

SHA1
3dd4b03e908aaf7fecb919f3e261e3fd409ced76

SHA256
a69c2769928fc4655ba552b296e76708298629feb4c78bb6a90c2a9dbd4256f7

SHA512
bf8064134fdb80b81847bc030c4edc44ef2d0195b7169ff56ac85995e979ad1e3deae300659fd71d8ad9674d22c062f1a59ae0efcaae9fff5321d78d13cfce96

Download Submit