cd574993d577a5061a645231a7d4fb0b8f06e730e2ee4d0c4eedf42272c6d2f4

Analysis

max time kernel
92s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 15:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

inv_6685.pdf
Size

45KB
MD5

bb4822b00dbc4d28bce1874920cac492
SHA1

fcd99d76f7187e18d6857b44e50298a59b2c37b1
SHA256

cd574993d577a5061a645231a7d4fb0b8f06e730e2ee4d0c4eedf42272c6d2f4
SHA512

418272ca5fc478c1c57f53e049716924a67b02f32a8d1e7f153ccbf45b64f380f185d13115c0deb2dc50552319da218262f97f6adab60637dba5ff7ff96d2099
SSDEEP

768:NG0VxUPvPJQRRrLTiiiZWQWgmQvauFOOWoc3r/yjA63zw5eR/6+vCOYbvvGKM7:ZbUP3MTiivQWcaK1c3r/ysIzE0pqbvvi

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2876	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2876	AcroRd32.exe
2876	AcroRd32.exe
2876	AcroRd32.exe
2876	AcroRd32.exe
2876	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\inv_6685.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3cc2b9ff2816465e94ddb87792fc0ff1

SHA1
5cb7f54b51d61073085a0aa7a08846ff6f6866a7

SHA256
495c3b426dfa4dbe8e0331c253b9fda0e0f162fb0c27cd5790a816a04989ac87

SHA512
772292447e1aab056d368e8254e5f507c3cc8c543bcbca2facee643ea053c81a257fa834a4d632cf4807663efd66f6e77e8de1262d10c72ff1ecd12cb450effe

Download Submit