489514be4a00012e44b59337bab2b1d82e3ec9531a21441dbfb50057a9944440

Analysis

max time kernel
90s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

489514be4a00012e44b59337bab2b1d82e3ec9531a21441dbfb50057a9944440N.pdf
Size

179KB
MD5

9a8ab6937d4272ab36fe66a8a927a010
SHA1

704e49d7f0c6e82e20a131cf7873f4b1fdad6c7b
SHA256

489514be4a00012e44b59337bab2b1d82e3ec9531a21441dbfb50057a9944440
SHA512

b5ae6d8e3e97b8c7b9fec4af45b413a7bd24cbe5e94012251d987b45bcf67d22eda75a3713ef6236edf54fc16abc15d711c04b9fbe87c0df0ef6013608b55a69
SSDEEP

3072:0ks00Ztv7RX1HJd8SR6uYr5YLOlbJtsHz3tahoEwz659WnMK4QEmj/l:0ZlZtv7RXDmv150OlbCVZGzWMK4Qf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2356	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\489514be4a00012e44b59337bab2b1d82e3ec9531a21441dbfb50057a9944440N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bd22eed0549d1a045c97a9e2b01423d0

SHA1
b15df299036687fd6020bc3a002f0b200252e61f

SHA256
bf0c41a79c46acab133001f679b18b8e13d1bd7bb91e6d4baf24f289ca7bcf88

SHA512
21d0a6d8cde42d45ede1ea480a3ad62a0f445cc38faa7a21142f0830f22e6619694ea9965b8a7bb2a72169ecf444b5560c22a172817f7a83fe49ac2fa72c3dd6

Download Submit