5fae8fe2fc357cb6bcbb9e9beed09a280c0052fdb0b5a70af13fbba7c9178acc

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fae8fe2fc357cb6bcbb9e9beed09a280c0052fdb0b5a70af13fbba7c9178accN.pdf
Size

57KB
MD5

ba25e2cf417ac3f474200b6578b8a8c0
SHA1

44418784435d031cb710ffc3f11233092ad5ad41
SHA256

5fae8fe2fc357cb6bcbb9e9beed09a280c0052fdb0b5a70af13fbba7c9178acc
SHA512

54583b78ad188625db6e1e76df98202a5746e0178d34ca61de8549e74999daaa82f11d2f9cf6fc5fc958228b40855a48f934cb292fc94966e87d1033d85da49f
SSDEEP

1536:GzIW1dMV+foY5gxT5sSYJYF+hO2oO8PymP:vWHMkGl7YZhXoTN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2488	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2488	AcroRd32.exe
2488	AcroRd32.exe
2488	AcroRd32.exe
2488	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5fae8fe2fc357cb6bcbb9e9beed09a280c0052fdb0b5a70af13fbba7c9178accN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
38b8e6ff3f870ff957bd0a76907532c8

SHA1
75ec490c1d3bd94bac444ee72dc55d22adc3007d

SHA256
b264ae8f9043165f7e1e2893677bad1eff8708b9f8bc0d00f10a5c792a02580c

SHA512
f3b5f9bcf170b0f02cd1d77586300af6c26cf99e1ccb708609072aa0a92c0608d86d6d4f669475cbe18fb350abe40fbec558746a64396308fe0249aa7f3a56b1

Download Submit