e7b70b8893d33f079c97b96026f588210bd6bd27e868743fde195f204a93154c

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e7b70b8893d33f079c97b96026f588210bd6bd27e868743fde195f204a93154cN.pdf
Size

74KB
MD5

6d85939e63e1412cb7ad177ac2fa9c80
SHA1

b261d8525209808a268b76386e22bc9f8e96d6f3
SHA256

e7b70b8893d33f079c97b96026f588210bd6bd27e868743fde195f204a93154c
SHA512

72466b5523f57e5900f28362cb497c87299bb76bff5b59e322c4905516c564b8c66ac48958ed9ef64d8b8cd0ff04876ecdea3306e8c0ace793981ee359b751f4
SSDEEP

1536:+dqGVLo8t4ROtfLm9TnOXCgDF2222WkjL6XeQW:+dqGVktAtyOyuskVQW

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
632	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
632	AcroRd32.exe
632	AcroRd32.exe
632	AcroRd32.exe
632	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e7b70b8893d33f079c97b96026f588210bd6bd27e868743fde195f204a93154cN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
2ae48c34a2dfb4af4c3a43ddf38a3af6

SHA1
9658ed7452f8c023a437870bad877198908a75e5

SHA256
c710533a0dba505449fadd20a6c0442d953cdc70bfa7d1c9e155a4da8041cc3d

SHA512
a5ad25be99352041005930366365d91acb46fcf9033684586b22c2dc75a38bdbff7f372bacdd74246f025dbb24baac6e20866fc200774fa9deaddcf475c73bee

Download Submit