00c976e9adf50661aeaaf36a2a7f89dafde94eded49a51121d8c07a4b71d2713

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 07:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00c976e9adf50661aeaaf36a2a7f89dafde94eded49a51121d8c07a4b71d2713N.pdf
Size

72KB
MD5

4eefbd5422d9d0e088097ef8a0f97160
SHA1

db2c8360d3a3d98db1f8356fa286b733f9035b52
SHA256

00c976e9adf50661aeaaf36a2a7f89dafde94eded49a51121d8c07a4b71d2713
SHA512

eb70aa831bc8bd565847b7b7d1860bf9363e4d59858e691dfb9e9ecbc967af492cab7b6495b19fdab600f66503f7c3dde5ceaddb8e24b368edd2462a73485fda
SSDEEP

1536:+dqGVLo8t4ROtfLm9TnOXCgDF2222WVZNBDI1dKLS:+dqGVktAtyOyusV7BDI1dKO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2568	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2568	AcroRd32.exe
2568	AcroRd32.exe
2568	AcroRd32.exe
2568	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\00c976e9adf50661aeaaf36a2a7f89dafde94eded49a51121d8c07a4b71d2713N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8ad56c3e43125e7bfe8d7327829feb13

SHA1
d439aa914530a67d6786344813f4413ae9de1233

SHA256
4af5e849d10ff3834e826b0dc8573d4267478f153d1e0102fd9c1fd65d4ef6c6

SHA512
254e6cfd2e1d97040a4415d3d41b6495e474cdbcd8717739273415d3573ec3a718ee86e1a69aca97293b74d31717e5cac422388f3ff97096a0fee2f8ddb16578

Download Submit