7f1387aa7f5e9c40850925c188dd93e1bbaae90c6a859baa5e1c1851183e87c6

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 14:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f1387aa7f5e9c40850925c188dd93e1bbaae90c6a859baa5e1c1851183e87c6N.pdf
Size

282KB
MD5

7bcd72601ba89dcfffc147524a4a6730
SHA1

f70f5f659d74cfa8716b981fccf4aae3c42dd572
SHA256

7f1387aa7f5e9c40850925c188dd93e1bbaae90c6a859baa5e1c1851183e87c6
SHA512

bdf331f716f98bd51d6ad8e6d91688a8bfd4e7119fd31d41fc3446b7f4e3661404154d7dbcca527e6dc92f77461602e899fd8eb5b2018592d990d964b2e7a878
SSDEEP

6144:BptYhYaCWriBcaboFSJPN/JX/i92iEBj1tIH+5bqK:BpqMKEcabRhX/yRCj1aeJ9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2092	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2092	AcroRd32.exe
2092	AcroRd32.exe
2092	AcroRd32.exe
2092	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7f1387aa7f5e9c40850925c188dd93e1bbaae90c6a859baa5e1c1851183e87c6N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a73b69f9b650a00617bec5b43faedafe

SHA1
64a016beee0d3d7d5dea1a4c362d9be49ce25645

SHA256
59dbb26eccf0ad76dff12057a00d883945cae6597360dbe0785a4320c58599f8

SHA512
b50edc4c6cf7fabda29200068de2ae97422e096c2449dfc2cc6f9880393dc3d9c0532853ac81bd960784fdfe8b9ee07ca5e8d5f5bc136f320f2dc96b7598200d

Download Submit