20aad421a6420ea8daeb2a9dba5085cd8f8e874f67196999c171456eb395b102

Analysis

max time kernel
105s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wage_assignment_demand.pdf
Size

94KB
MD5

9f5d80b06aa3be94726ac924bc624f2e
SHA1

05810e620302bafc596fa1370776abc1f96651f2
SHA256

20aad421a6420ea8daeb2a9dba5085cd8f8e874f67196999c171456eb395b102
SHA512

8b99852d88568e10088d074b9a6f3d7a086e318a6bbcb121bb2d2ae8269a187ac7c8a682f58fcb2c8fe749b44f1684535bba33e9ceab8df957cdf99e97cbc244
SSDEEP

1536:tNHZhkVG/HaYx0hK57gMRUgVtpHim7FQTH3uXrrxr3ext6aqDhC7KRspSUCt2A:kw/HtMcpHH7F63kLext6a0oeRsQUCgA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1660	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1660	AcroRd32.exe
1660	AcroRd32.exe
1660	AcroRd32.exe
1660	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\wage_assignment_demand.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8b9c422a9512afab180b1b61f057c4b5

SHA1
651f9aee6bba3540d3b9c0a893d4f306910f6928

SHA256
99c25c204e5ab00dad10591f10f2c4e6483d3ec87fefcb00691f23e238521dde

SHA512
587939c6bf4d03bd4652b8af5fefabc8e811e8ceb9bef3ebbc6e969add33b012990f86d72d2f6cc338a09abc081cd020872ec450482e43b84c3e5aa05bf7ed7b

Download Submit