6e400228c90d94b9669c713f05e66bb93a016486682a306b822241250fe2d6d2

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 06:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e400228c90d94b9669c713f05e66bb93a016486682a306b822241250fe2d6d2N.pdf
Size

105KB
MD5

e744de5f620f517e99365e0185137ad0
SHA1

101d6bed07894e87fd4e93d8ae1514a742bbc87d
SHA256

6e400228c90d94b9669c713f05e66bb93a016486682a306b822241250fe2d6d2
SHA512

35a9806f31121cb2d1eac0822b1b38f9f33bdd868ffcb4837ee0664f99975262e6f0efc0c6dcb2d40d691f4b77dd7fa1356c1b5f75fdd6899b9224b5c01e2ee5
SSDEEP

3072:6a+8/g8kLiKtDXLGa/mD+USJSgg6IHiFzNHNnD+YA3oictTiR:6a7/g8+xKsk36IYnDCoiQTQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1732	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1732	AcroRd32.exe
1732	AcroRd32.exe
1732	AcroRd32.exe
1732	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6e400228c90d94b9669c713f05e66bb93a016486682a306b822241250fe2d6d2N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
721a4d044d9677ed557115a3b178499c

SHA1
e51a2b3c5ab20d66d215603baf6be1f4620dfb96

SHA256
55c242365e4ac08a217a70d3afed4f574f7651efb711daae06d477ae1249e592

SHA512
e30cff94aa193584678d02ad773166f5ffd1c63d7076fb0a4217fc02884fa9a8d9a1aba18e02a38990d0e8e2ec0a1f41e1d5893bbcfa1a8b7af90c0cebfab336

Download Submit