338aefe683c9e2e5a70ce608d50b930f69500a45130a4b93287479c03e248c77

Analysis

max time kernel
90s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 00:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

338aefe683c9e2e5a70ce608d50b930f69500a45130a4b93287479c03e248c77N.pdf
Size

31KB
MD5

2235736681f28bed5426ac76d215f1c0
SHA1

6373e5372ed2fec3016e973d3a72b10c78d7048a
SHA256

338aefe683c9e2e5a70ce608d50b930f69500a45130a4b93287479c03e248c77
SHA512

e89044a5c9657c419e8fce69c44a51da21197c60603f6d10a1379bd0b689af2c0a8b9b6810febddb318c4a3770c17dd856898664b16a349f1b0fd60c49b243b2
SSDEEP

768:n8fJe+yLPqm6dg+/xN6WYJWiTUDcYknhhG2FSxGXuy8EyqNl1MOx:nyOPqHdg0cWYk7y222jCy8l1MOx

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2532	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2532	AcroRd32.exe
2532	AcroRd32.exe
2532	AcroRd32.exe
2532	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\338aefe683c9e2e5a70ce608d50b930f69500a45130a4b93287479c03e248c77N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e8f374d84dbeab9f21da00405b139649

SHA1
85029984775ef6d8387cef6b77e174b73997e6ce

SHA256
d7cc761d75f6c3614bac1973c8581edb7a4b898a4596cb295f5fc86b6c4c3554

SHA512
7cb5f83141dc5a53aaa94090d0773c3e363a9f4dbffeb330b526f261a56ed7f0deed4bc3dec1fba3e2ee48a069af6e2abf9a760383450eb182a13a7fb10f0a6f

Download Submit