c599c1376ebd2e6f2eef0a122d24920036d03bb51cb5a726f00fdbe55fcefed7

Analysis

max time kernel
94s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c599c1376ebd2e6f2eef0a122d24920036d03bb51cb5a726f00fdbe55fcefed7N.pdf
Size

73KB
MD5

cbebbc5bf5ef01beebdc682a74b30880
SHA1

b2e5fdafece33472337321d2f9cefcdada3e03c6
SHA256

c599c1376ebd2e6f2eef0a122d24920036d03bb51cb5a726f00fdbe55fcefed7
SHA512

0a79de536af36ad978c25d0b2ae67edaefac53960b6e75c6560f014634f59c7868a8e6d5787a6f68dc64143d0eff756782855e4c031a79690680355c4b27b9d9
SSDEEP

1536:6dqGVLo8t4ROtfLm9TnOXCgDF2222WvUkWHxb+:6dqGVktAtyOyusvTWRb+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2116	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c599c1376ebd2e6f2eef0a122d24920036d03bb51cb5a726f00fdbe55fcefed7N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8dceee77e72ffe59b805da031abf63c2

SHA1
1f45cfd16531aa12ff5c882f90d1f46db924780e

SHA256
499e690fbb83d5b5e141d9433e5d139dad497899a9aadba17c33ccab7c1ccb15

SHA512
6763bde7949b083cb2fedffcb1bb26f217f576a479242abe079235a8259465e3683cf41a246bbd094013aab7a26dc0d836034738255b024e66e1d096baaf30ca

Download Submit