82562ba446365de2f065002c33ef737e4bb3872fd3e04d209ab4804f0dc333a5

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82562ba446365de2f065002c33ef737e4bb3872fd3e04d209ab4804f0dc333a5N.pdf
Size

72KB
MD5

587319d26815217281ce4c7343e80430
SHA1

e6b6ee4a1f4c8abb9940c5736705ec3509d6bc2b
SHA256

82562ba446365de2f065002c33ef737e4bb3872fd3e04d209ab4804f0dc333a5
SHA512

e736f220b5e22894c1b7e88da1547e7c304b3d2693d17e4a09368325191989f17a6d2167a9af227e44453ed51d79ea266a17240bb2e84f2d36c6c267569e6c7c
SSDEEP

1536:qdqGVLo8t4ROtfLm9TnOXCgDF2222WE0BBYU5Mtoyf:qdqGVktAtyOyusHBBYUkoyf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2584	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2584	AcroRd32.exe
2584	AcroRd32.exe
2584	AcroRd32.exe
2584	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\82562ba446365de2f065002c33ef737e4bb3872fd3e04d209ab4804f0dc333a5N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f05541689e6fc3dfd0f0bb15895d9d27

SHA1
039effda9cf482273bbdc8358cd9bdee72ad4a68

SHA256
1cdabe0e8af5261385931fe8f61778dc93ff5b7fa4b712ae9711f8089feee1f2

SHA512
6a42196fa513fba239f4e4ff0983a710fc013aadf05e17f172ce8bf43c5d01a93df86c9214d37e3552093f268597adef12881d7a08e205d573667817c6869253

Download Submit