6a4e78d69307e19b901fb84899ec06b08e6dabe3febee9a6c6d723660352f4ee

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 21:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6a4e78d69307e19b901fb84899ec06b08e6dabe3febee9a6c6d723660352f4eeN.pdf
Size

55KB
MD5

27ac3349904ae0355ef6257cee9b8620
SHA1

31bca19e165b2a1ad5318e58c8968f9787eb4b45
SHA256

6a4e78d69307e19b901fb84899ec06b08e6dabe3febee9a6c6d723660352f4ee
SHA512

b3e1f2fd6cf2c3a2100df5a007f0cf33fae864612870e6995405b24bb77bc7cc17b462f9b5fe4aa948a5187d02e4375f2e43df646dc95b2354f43b708678e229
SSDEEP

768:qobCuuZ44IRGcQjJBnYRmkHslrmKE+xEJd7sUJLej2PmwQuUAr6seG5luZcXRSuE:LCuY4wdnSJ1dwSPdb69G5ZtTRBac+Uq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2516	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2516	AcroRd32.exe
2516	AcroRd32.exe
2516	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6a4e78d69307e19b901fb84899ec06b08e6dabe3febee9a6c6d723660352f4eeN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d835ea4433197e9e568af1f377a3b86f

SHA1
cb8aff17b26891597e06398694a83fefe2aed856

SHA256
5a6d4dd2e3e9feb64497f66121161c9dfd06c0d588abba98360921791aabaea2

SHA512
b59c12f42bd0c59c824277968314e5dad09a72cb3a6c96229160f7a4d14f6ec6e7428a962e0f9d4c0f97923afbc58d87ffc912f8589d2ba2d188212fb8548411

Download Submit