50d5691b960761d7356dfdd57b01f90056ce9f016d321b34738f82d9676090f7

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50d5691b960761d7356dfdd57b01f90056ce9f016d321b34738f82d9676090f7N.pdf
Size

57KB
MD5

148778396515e340b3ea466497678b30
SHA1

8c2ddc188baff05e6ae1f9deae2128a53ce51251
SHA256

50d5691b960761d7356dfdd57b01f90056ce9f016d321b34738f82d9676090f7
SHA512

8df6c8b2f25d5f041ceb61ba4ca9b4e8e5105d1935411e9ca51e04c85ddfb0d7f73ebe4d81dad82bd1d478e3bad10bfccbd389458fa475748aa2346c0e76a9c9
SSDEEP

1536:MzIW1dMV+foY52AbGbG0896CiuV89VwNUq:FWHMkjMGCCpVoGmq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1792	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1792	AcroRd32.exe
1792	AcroRd32.exe
1792	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\50d5691b960761d7356dfdd57b01f90056ce9f016d321b34738f82d9676090f7N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8b27d53f39dab6345da9e270c6b19315

SHA1
386579b3ac9dbdbc7258b4e6745d1785a5430d67

SHA256
943b4a7f38a1dc5767a34eea1e586e90645decc590853ae8cc5827c92e067ae0

SHA512
f4ff8801b6ebc7ff1375babc779e88c49b5dd1752736c33894f15f3527b5815dae660aeea5cf527b069f8c93c46b2a5f0af78ac33f5572752a3493c707760aef

Download Submit