9b7b9443260d352f54cc433ca1367a9b27dbad65ff658bcabcb711f746cb0a8e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/10/2024, 10:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9b7b9443260d352f54cc433ca1367a9b27dbad65ff658bcabcb711f746cb0a8eN.pdf
Size

154KB
MD5

35a502a3ea8c0858e95d439cc6a87970
SHA1

5b4567e2ec2d7f794753e8fcdf9920a839a0cde8
SHA256

9b7b9443260d352f54cc433ca1367a9b27dbad65ff658bcabcb711f746cb0a8e
SHA512

1d1402e60dee7ae6767bf520c9950603b5d05a93c905969eed7b13dd670657b599842269af0e09011eae5845e32e171584f5e509190476ea4849c10971c20f13
SSDEEP

3072:/BlC044+yirDkQnlLMApkB1ujfZnCzf5XBgLNQuYEFDLgrdw:ZlCR4+VDFnlwAYKfZCzf3gLThYC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2660	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2660	AcroRd32.exe
2660	AcroRd32.exe
2660	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9b7b9443260d352f54cc433ca1367a9b27dbad65ff658bcabcb711f746cb0a8eN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
78514668fedc33513699a0d7cef91238

SHA1
bc535588bb8aee46a9cc1262559d178698ea1459

SHA256
df0381f0ffc228431c2c709254da50297d834091d423a30dac7d70c7fa4644cf

SHA512
e90b84945618820e2221452351bb436dd17c4e58dc10e20bbe90639f16bf94b56a70332ec4dc96976058922e8fc891a6a3d4a8ec6067eaa216fd5d4afc8d95a2

Download Submit