c028c9de7ab90e48971a1f5f134ef7499440d37727f8f738c59c2a42d7d45d8f

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 06:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c028c9de7ab90e48971a1f5f134ef7499440d37727f8f738c59c2a42d7d45d8fN.pdf
Size

394KB
MD5

2c799b2ddec5cedbcde811bd55a12750
SHA1

340fd9eb4a610506e54fa5f64bddc054f8922c4f
SHA256

c028c9de7ab90e48971a1f5f134ef7499440d37727f8f738c59c2a42d7d45d8f
SHA512

4137f15f45d9d47af380ee456e317f342121abf59c1379f9feff8bc44f117aeda171a1cd63835bf10a7a9e2270654888625ddeaebdb9c1f5ae480e660a0f9a18
SSDEEP

12288:AzlknaaWMvhl6GuwKH3qnnibF2LFPtVv4FD:alka6ltvKH3qnibF2vmD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2368	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2368	AcroRd32.exe
2368	AcroRd32.exe
2368	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c028c9de7ab90e48971a1f5f134ef7499440d37727f8f738c59c2a42d7d45d8fN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
7d894e7344f2267ff9d3a9dcbd123cf8

SHA1
4ba9abdc4b3707bd06d04cec6fd304fb391a2bc1

SHA256
a6c5b9f0cca02b5248c9b0966d6f71a05563e628f2c7d612b5d29457dea3ce68

SHA512
7bfe1a986032226ab512339a3eb8d9201af5858396ccc5842808646905eaf33e302d0e343dab0c4e332895a922556b0d9df6cdfe4cd0733b2871b8ec19863da7

Download Submit