9554328a383293356c6a861a5d08e78c55d73dfbf217025cf3736b0369bd41ad

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9554328a383293356c6a861a5d08e78c55d73dfbf217025cf3736b0369bd41adN.pdf
Size

474KB
MD5

b85a70dc7882d510529d3d99c8fdfaf0
SHA1

b97e4885222609a4cd7d6c0d7841c5aea333b1ad
SHA256

9554328a383293356c6a861a5d08e78c55d73dfbf217025cf3736b0369bd41ad
SHA512

f019a8581a26d4218e363cec0f384615ae6ed354392447a0c905f7fe3537519979449d7e5b58d176bd737acd39d04548972d04a1a8161f4ed0dac7a10142a274
SSDEEP

12288:yQJdpnWJe1hiMct0/7eeU4uUIhktxc87iNVmw9H:yW8kkGRtZi/xV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1168	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1168	AcroRd32.exe
1168	AcroRd32.exe
1168	AcroRd32.exe
1168	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9554328a383293356c6a861a5d08e78c55d73dfbf217025cf3736b0369bd41adN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e9cf646af453b4cc9402fb55b5862e05

SHA1
068997e0aed6b468f44b2815bd9be0114d7c263e

SHA256
deda1c2c292cd3f27e056606523fb2ea6d517bb26d37b6f2f618c74a06b90cdb

SHA512
4f8ff1bd0171730bb62b9afb2b8c73e8e471e8b22419d95ddda0c8cf6a38f6f748105e50ec16b9f04e5112cbfcdeeb4bb72104803cccf27e2ab4781ff05e1b9a

Download Submit