bccb32c80026bef5617536c3f95b48a5b11c64f1f534c36141ed8a33840e72e3

Analysis

max time kernel
95s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bccb32c80026bef5617536c3f95b48a5b11c64f1f534c36141ed8a33840e72e3.pdf
Size

323KB
MD5

c8774453381b99e2fe38b6d8e9341167
SHA1

9785393ba3ece7a7d0e1fcc55b2d421a17e4344a
SHA256

bccb32c80026bef5617536c3f95b48a5b11c64f1f534c36141ed8a33840e72e3
SHA512

fea8c673a4bda3a54e0885a93f6b518d2186fdcdf170092645f24a83a39f74f5f97be7143e48607a49872a219c5d250388a1f10562406b2c293c8f76e33578a7
SSDEEP

6144:vLUc4C0GOFUpeKujTFKkIbj1IBBBBBBBBBBBBBBP1XQLeCMekjl8W4FxJ3Cu24VD:TJznp/uoP1reZeFHFx5Cu22

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1656	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1656	AcroRd32.exe
1656	AcroRd32.exe
1656	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bccb32c80026bef5617536c3f95b48a5b11c64f1f534c36141ed8a33840e72e3.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b838802ccff4705c8dfb87b808551c25

SHA1
6c5f65231d6b32d0598e8e3f95c4e4ba8e5c23f7

SHA256
71e15dfc1317abb85f4976ca53559f79f18b701a1bd1d832298a8cf2ee537b34

SHA512
8d41d0c5d771778dcf248d5da53cc80d7b0e12102b420d6e75f0e862cb9369e1f956d7b33c04065fffd70c5634f50e474beec070f357ce370062864c988a7211

Download Submit