7a3224d9ba6eadb17d1cbc90339a008a8ab71923e819ecd01a606cd5455124b4

Analysis

max time kernel
90s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a3224d9ba6eadb17d1cbc90339a008a8ab71923e819ecd01a606cd5455124b4N.pdf
Size

397KB
MD5

f44543b2dde1e5053ec69d8c99748b70
SHA1

88a7141e1bd8a45a424b88906628e55b5eff5b84
SHA256

7a3224d9ba6eadb17d1cbc90339a008a8ab71923e819ecd01a606cd5455124b4
SHA512

3e609eec6745ab5c0a2eef47bc34add29ae8c3a289392387c2d894cefd480dda9f5661bfeaee622ba5e96e36bf2a5cc36484d504baf8622553dcc89ff973d07a
SSDEEP

6144:qGzsAOWhqXq0SzLD7fhjpwh0OVlD/sKN1zi2yBXkDK7g61w8DN+YRINeCoCJ:qIsAO7DSzDhpoTDkKXr8GYf+OI/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2112	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2112	AcroRd32.exe
2112	AcroRd32.exe
2112	AcroRd32.exe
2112	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7a3224d9ba6eadb17d1cbc90339a008a8ab71923e819ecd01a606cd5455124b4N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e58c3424537a21d459babf91b8b2adbd

SHA1
dbb7acc8d33c32e093f3bee0c55460e83f8fad76

SHA256
1956492842eb4fcb38f7a1fbb07747d57d878b84d81c4871a340aef26c01aa15

SHA512
914c05781a41f89b9dc703fc247f80baebb137f6cec37b77ddafd3102bbfc11820c82d8ac8d88f0c9f0ba14e88ea72881cf343057decce1440cc50d66b30456a

Download Submit