cb7db32f80170cce0c4b6cc245ed1a7eea32f125bdb1ac317fed3b84495a83dc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb7db32f80170cce0c4b6cc245ed1a7eea32f125bdb1ac317fed3b84495a83dcN.pdf
Size

76KB
MD5

44386055cf3c00283a7eb171ee563b30
SHA1

5c999543d4ce1cbf1cf93760006d6f12ce31ecc8
SHA256

cb7db32f80170cce0c4b6cc245ed1a7eea32f125bdb1ac317fed3b84495a83dc
SHA512

0f5d3b48df8af401c1011eefa6797b051a58270fe5348763eb9abfa256dfa9e8c28bedcb5eef00ddfee79a6f91ab57c4f5f5ebd8a6033141bb40ff93f43cb778
SSDEEP

1536:UdqGVLo8t4ROtfLm9TnOXCgDF2222Wob1UNdc:UdqGVktAtyOyusoqNdc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2160	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2160	AcroRd32.exe
2160	AcroRd32.exe
2160	AcroRd32.exe
2160	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cb7db32f80170cce0c4b6cc245ed1a7eea32f125bdb1ac317fed3b84495a83dcN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e3d7bca55d722218ba18ddf75de96227

SHA1
1a03bc9d7bdbcfabaea27d4e2588f243cb304cee

SHA256
eb7a21589af4de4069d84b3d8ae2c4ff143eb6f1cbbc7d1933c71ecb9bca57ec

SHA512
1fcf583b04218dcd61d3a47160401c16d876cb8d87096347547d64aeec84f71ba877ffa89a66ab6cb36783fdaa2b489c191160f5e9b0fc8ac5dc0c280e9ba774

Download Submit