285a708f7b96a7c52b79be04d1a48a29863fdbe3ac009d017fccf2ffdc61bb8b

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01-10-2024 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

285a708f7b96a7c52b79be04d1a48a29863fdbe3ac009d017fccf2ffdc61bb8bN.pdf
Size

56KB
MD5

7e731bd5650cd691275daf4091436700
SHA1

66f5a6afb967b6ea89e2e034bff0e9241402b1c2
SHA256

285a708f7b96a7c52b79be04d1a48a29863fdbe3ac009d017fccf2ffdc61bb8b
SHA512

66eed7566d52185a0c50acdd07941a004b939ce296064ae2f6b2d2f3ec33a35c313d104e8a3732cf13f52f20409f82040b267aed49818806c9fd0b68d961f417
SSDEEP

768:kuzdNIggou41dMV+foYlP13ZKhOP9fZTWorKLyxcC6ham+4w:HzIW1dMV+foY5WsP9fJWJyGLJ+4w

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2508	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2508	AcroRd32.exe
2508	AcroRd32.exe
2508	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\285a708f7b96a7c52b79be04d1a48a29863fdbe3ac009d017fccf2ffdc61bb8bN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0fb941755ba1e1a3a190238ce202f4fb

SHA1
12a574e29929a969e436d5c3467b713dacd700c5

SHA256
83f109b3b8cd79239c4692074b48bc6d026257b477980205016e42078248c3e5

SHA512
e90b0cfeee0647207a6734bf73c406c37b4e52291a0f1437d3bc5ebd79922939702b9ea8add9c7cd264538cd01b712d00d78d8e7d8e956356ef2ecd60bbac58a

Download Submit