185c749db2d75dcebe89ca4190a175f40dd0b8f2cfe2ca0f53dd135aa24cd0d9

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice INV-0004.pdf
Size

50KB
MD5

dde09500a00b0972ca35574f7a170d61
SHA1

83ab678da6f92c7fad17edac2b2c4b0678e564f2
SHA256

1577581f0f080fe7f3f159f1366a44bb44516421d830a2c9a7659f0b7898b4ec
SHA512

2819f361d38a256fd5d875561e478e7c131822f797a1d9cdda69c38500070143ffe6c1636838a69382aa55aa5090d474fb2d9c37a45fba218de5e978dc21ec96
SSDEEP

768:8CJdKwxCDdhU9e4E/AB6rFkoOd80VfDk5LK4gMfnRCIYn20yZ2jF83haYiU/LkHF:g5JhU8IkFUWG4gMzO20Tq8YiUzkHYq06

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2492	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2492	AcroRd32.exe
2492	AcroRd32.exe
2492	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Invoice INV-0004.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ff18c4d48765db24154ec02b0ecedac0

SHA1
74bb7702f4dab11df32ac77c6656c15267f7b069

SHA256
fccb68a3d99277233ccf5ae166d8031404870441bfaa1b995d874a1c4dbc0ac0

SHA512
ea8c3a2b272e2373fe9f0cdc100edcfdd68e1c8658ec983417bab51ff34c172706ab05ed61aa61f6640ee18f37545875d075317668976e85b8229a12520e3aa8

Download Submit