fe9951f31a3c64e82fc977b7023de23a5f10d27b28cea2821f8ca51a4bf8c6e6

Analysis

max time kernel
90s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe9951f31a3c64e82fc977b7023de23a5f10d27b28cea2821f8ca51a4bf8c6e6N.pdf
Size

400KB
MD5

1baa28b443e469b1670fc11e549b7590
SHA1

90990378dfa93f4e8ae655c2229105575ddf3c58
SHA256

fe9951f31a3c64e82fc977b7023de23a5f10d27b28cea2821f8ca51a4bf8c6e6
SHA512

fe6dfd976b9957a32ca71348d1f32a3bd7cc89c5e316374d614152dd88e3b0ea067df26548402c5f6e1151147a8a379431b9b1d0f9648356dafe382d7b35a8a3
SSDEEP

12288:4x+C/EXg8YYO/aLaw8e4qmVcCxZkedFRXM:S0g8gw8e4KCxZkejRXM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1712	AcroRd32.exe
1712	AcroRd32.exe
1712	AcroRd32.exe
1712	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fe9951f31a3c64e82fc977b7023de23a5f10d27b28cea2821f8ca51a4bf8c6e6N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
df3393286552344eae3aa7653c69445e

SHA1
67b520aecf818fe069cdffe2419486d8429eefdf

SHA256
fcce2aa5187112cff2b8e7c5de187fe73214825152e9acddac7b1eec5cd0cfa7

SHA512
c1e574a3c31b544d81a8496b33c26614286364eca0e8f19d334fbdefdbf01b4bc573c422040cac6e57e5fe5dcf2985a2af60d9bf89e89c4a9c53ec1ebb351962

Download Submit