d309cfed87030204fe4a51d39c9d7c386f9d24cd8902c278a58d92aa2688a3e8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d309cfed87030204fe4a51d39c9d7c386f9d24cd8902c278a58d92aa2688a3e8N.pdf
Size

3.4MB
MD5

f940e17c7344aaf4209085c9a1949960
SHA1

908309f650f2c581670d9dd1d53a96793aaaf12e
SHA256

d309cfed87030204fe4a51d39c9d7c386f9d24cd8902c278a58d92aa2688a3e8
SHA512

d1356194e96713c7b0c9b84d3f86e3113284a23260fcf3a818fbc101081d2f40686ea569a98a069ba3985383866946de881b7ae2ec6d821c89a8507f9f53321e
SSDEEP

49152:3joHRqYaANyR5hMeydOXCAPY8kK3RKEz7S7SjQTYaOSSskai76VxtVsO7y7ot:3jJ6k52dOX4mQEq7IQ+jsvi7M/VsOW8t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2888	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2888	AcroRd32.exe
2888	AcroRd32.exe
2888	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d309cfed87030204fe4a51d39c9d7c386f9d24cd8902c278a58d92aa2688a3e8N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
051f617089b11bb8662fd7873fe7588d

SHA1
1cb032c391b5bc6cbb73efcb2a82842a2cd90d3c

SHA256
b09fb714ab2d627b355b2a20931753bca9810f67f88d68d6c03171ac1b8bcd16

SHA512
cc7f2e0d37d6ba03cbf573bb880d64d6faf512ae830cb29a2a437e891cf9b4bed66444b9e3b32da0b0f4045d73a972ef858a4ea67f3f5a7f979bc9fe4aff67ca

Download Submit