5e86e90f5fde3ef98ef9f16ec6a9634518d83ee7aa025045a6977acf4ee4fa85

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e86e90f5fde3ef98ef9f16ec6a9634518d83ee7aa025045a6977acf4ee4fa85N.pdf
Size

435KB
MD5

2e3cbcc4dc5f8f43fd63808437511d10
SHA1

3157240fa4edabafe8e14f6e936dabcee24caaf3
SHA256

5e86e90f5fde3ef98ef9f16ec6a9634518d83ee7aa025045a6977acf4ee4fa85
SHA512

267cdc4d2c308084afa39ce59c8f222f24e8de4f610566c88af8d7d7b26521d13215f989ac286fa93f508490380e5c429b947e41cbc0a087056cf7deb6a0b6d0
SSDEEP

12288:rBjqFJ+WuqbOzCXnVYn6Ab8W/Fn73njxBwwSV34k0:VBvzNwWNn73jx+wSVIk0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2884	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2884	AcroRd32.exe
2884	AcroRd32.exe
2884	AcroRd32.exe
2884	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5e86e90f5fde3ef98ef9f16ec6a9634518d83ee7aa025045a6977acf4ee4fa85N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8e38fe7eb331bd376bf91c0a241b0ed3

SHA1
423f4f2bace17c3c6ee8f48c394eb3a2e2395cb6

SHA256
d853deb2fbf115e4fb83b537a0a5ea8dd951dcd902e7e392f706b45d17c9545c

SHA512
fcc8e68d80d711b6419b8460b1dde24615d74b42eadbdafabd01eac2c4e4fb6e029c24702ffd0d6202e47cd01188c3bedade56e5d0be62ef5d7fc481eec84ab7

Download Submit