3487a3742a7d3a0559aa3d53735ac31ea593ef46696dc082b7ec28fac2cee66a

Analysis

max time kernel
91s
max time network
22s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3487a3742a7d3a0559aa3d53735ac31ea593ef46696dc082b7ec28fac2cee66aN.pdf
Size

584KB
MD5

a8e9a9380bbde40101452553ecf8cb00
SHA1

b59b18af5ead003e1487cee85a6fb593242f12af
SHA256

3487a3742a7d3a0559aa3d53735ac31ea593ef46696dc082b7ec28fac2cee66a
SHA512

4252c7dfde12313c65a7873c1f246084875c5df8aab667c42febdd2732c058c7f65a35e24710322f0856ce83c4189d3d776f15c5d99a1939e235638b2c1c92cb
SSDEEP

12288:dt3qGsUQQTbH2CSZsDOGPkvoxB3RD8SG2dqNRY+JcTOvK5DeZcdSdBIHhdoEK:dt3qG4QTL2CS+OG3vG2wP1cTOvltIrK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2656	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2656	AcroRd32.exe
2656	AcroRd32.exe
2656	AcroRd32.exe
2656	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3487a3742a7d3a0559aa3d53735ac31ea593ef46696dc082b7ec28fac2cee66aN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
37dad208829bd7769f77339596496f31

SHA1
cd4bcb93bac3f4e43ce20f508fa6bebbc1e61bc9

SHA256
803141c3fe78f956fbe0e61eb233dc70f30e4bd73f740878ae28a41e2e10ba0c

SHA512
e19de7e7342aa1c47a8ef764c87fe15d54ddb3d1ebf72303b7aa42590b677963f3792e520ba3198ede0f3ca44f9e51af77ed635f7658b2ece26102d622fe2ca4

Download Submit