d69c15fb4be74b5eac2cd6363dcd96d30d0f99be5ed164b95ee3e8b6c3f512dd

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d69c15fb4be74b5eac2cd6363dcd96d30d0f99be5ed164b95ee3e8b6c3f512ddN.pdf
Size

967KB
MD5

fb06e550dc2d2b697af816a08f5b4990
SHA1

d2f71ed2227a3f6ada45ce79e32972cd1ac70149
SHA256

d69c15fb4be74b5eac2cd6363dcd96d30d0f99be5ed164b95ee3e8b6c3f512dd
SHA512

55640a459fa477d88f1f6b26667702f953d2da7534b0eb4d3d16980be5dd702e758273ab7dcc9b2a81a66d31def0acc5f014fb4b9034844f7acf4a659212809d
SSDEEP

24576:P1yRbx5S8CHxSmCFIJ/5FPAh7vO1o+J1BzgfHT:f8CHxHQK5F87vO1o+NMfz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
376	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
376	AcroRd32.exe
376	AcroRd32.exe
376	AcroRd32.exe
376	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d69c15fb4be74b5eac2cd6363dcd96d30d0f99be5ed164b95ee3e8b6c3f512ddN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
88a08e1785f7b9d12327e32fb374e9db

SHA1
0e7564e9645fe6b611ad213fb5a0c907dd64152c

SHA256
4e6736345032e936905676d091dd55c466ed0fe3ba9ac9cbd0d62a5fc60e386f

SHA512
1500cd7b7083f93ce84f7b170494e11b6fcd3136661dab6896faa2c5bfeb04b1caa03a1ab5ec2b2ac1449656d46f84586d2fe41a2a0004303121f0e51beacaaf

Download Submit