43a2aaecdaea9f68a759dc57c5ddf015ce32f3d1d67d5a3ef32a5ab317feca63

Analysis

max time kernel
90s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43a2aaecdaea9f68a759dc57c5ddf015ce32f3d1d67d5a3ef32a5ab317feca63N.pdf
Size

443KB
MD5

94b9eca28cfb0db247e612be00428c80
SHA1

0281d992881a135a01b2cc3414ae2e49237b8305
SHA256

43a2aaecdaea9f68a759dc57c5ddf015ce32f3d1d67d5a3ef32a5ab317feca63
SHA512

ea70459a04b6b8b16bd5de21366584261fce3850e3a1800b8010b5a7329975260fc50ced5a5bbc13ca4ef142ab5c1aa189517f1bb24df01e3e8730647321a309
SSDEEP

12288:HJ0USXULU9o/9Dag2wY0Iiz9uf08waTCnOie:HJ0SIo/FR59ufGP7e

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2972	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2972	AcroRd32.exe
2972	AcroRd32.exe
2972	AcroRd32.exe
2972	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\43a2aaecdaea9f68a759dc57c5ddf015ce32f3d1d67d5a3ef32a5ab317feca63N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3310fd1a8cab53cd05adbe3d14ad8a85

SHA1
9b4c18495cb644f623adc993ffde317a3ebd5add

SHA256
5fce55db1e706d6d010aade639243204fecba354a8cf78baf28837696ef77f1a

SHA512
08dfe5e29c3cc41bfe4bfb2aecdfdcfd41618648ff0ca7cb32e13cd3423dfc7e06b3c947ef6d48d9185455fa2f77c7ba07f3b682bbf5e1d4b68b235b301d6427

Download Submit