071bc9ed61f2be486418d10c593cb6e36928842384862071f594a0dacfbfc8ae

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

071bc9ed61f2be486418d10c593cb6e36928842384862071f594a0dacfbfc8aeN.pdf
Size

663KB
MD5

df8c72743cb336318158a6c1f8ea40c0
SHA1

2d37b7bb5bec38e9de5e8aa57f8340dd4d5b1aa4
SHA256

071bc9ed61f2be486418d10c593cb6e36928842384862071f594a0dacfbfc8ae
SHA512

d0991d62431b38ad0b0ed79c41f96476399bfddfdf6ec07489abf1a086910f1dffba7aa6c5b0a99c07dcab30774dbc619fcb6f979ffdc8397001f8119792ba1d
SSDEEP

12288:4TxZmmPkIiNQDv1B2B5HWthCmDsoFb0p3+H/8rPi5ztZ6ZOwSA73a:2l/mkgab41rPkz0w83a

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1852	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1852	AcroRd32.exe
1852	AcroRd32.exe
1852	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\071bc9ed61f2be486418d10c593cb6e36928842384862071f594a0dacfbfc8aeN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
1929be2504bbdf1ba0f36f2d68837664

SHA1
0c4c39d880bdd13d1ba7392d6f1fbb9e2ac3240e

SHA256
359655fd2b8cf78c69e9baba446a6eeacf08e98204a3721e7e1032c852935a97

SHA512
0c1556397253defa43aff2c0a8d0dff660b9ddd00c8251ee459e80dca4631f7e4afc2e283c8191c3cd19bd23d2cab905d38f47bb58f0ae061a3166967ce58b62

Download Submit
memory/1852-0-0x0000000003200000-0x0000000003276000-memory.dmp

Filesize
472KB

Download