eb913e389d15a550ccc2aafda210fb8779aeec2392d8ee76ba1e1c0d879dcac6

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb913e389d15a550ccc2aafda210fb8779aeec2392d8ee76ba1e1c0d879dcac6N.pdf
Size

7.8MB
MD5

955d17fec021e77c6a8be10c17495350
SHA1

6f079a6e9d3db263e68c2264d4bbbace138d5083
SHA256

eb913e389d15a550ccc2aafda210fb8779aeec2392d8ee76ba1e1c0d879dcac6
SHA512

8854144a9f8f3e042e7c0ac4e2d6264a2a5d04e9a0e212c14b9ec6bbd4aa1568119f09019b49f4dc349bd9a21336b4ac99c7fbf9322baf673b7ce5574bae18e8
SSDEEP

98304:AAJvJAKg1kcXy7z4EEnDWoCxDqyMDyQV48E/6kfe8rBUvIUOk76teppD57ekE:AgBAJ1tXy0DWoLTBVjEvNEOk7ZppHE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1636	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1636	AcroRd32.exe
1636	AcroRd32.exe
1636	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eb913e389d15a550ccc2aafda210fb8779aeec2392d8ee76ba1e1c0d879dcac6N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
81add62fb9dd938579fd17d0abac0a2b

SHA1
733fa87b65a076460507d3fe71b4ae7c95a766cf

SHA256
25a5de17c755128b613ef70129ef3a5fa3c3add63f1c0e68efa5af1f90afe18e

SHA512
6d8683b2f98d97212b1faa9a5bfd22d7cd35d3a6b583e35133677548a6305095ae917668151b8e53b942f7cdfee89b3fee814219caf8cf8c9c467b5097afbe2f

Download Submit