7803a89800dadd2dc096aea57bc121e69afb7e65d6a6179a82b2dd7309bc8618

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/10/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43dee8bf-0bb1-445f-c536-08dce2c305a2.pdf
Size

156KB
MD5

98a5eaef7b79c9927f20199c4c0497b5
SHA1

0feca5867fee3081678d666f9b6880e7383b2f0f
SHA256

7803a89800dadd2dc096aea57bc121e69afb7e65d6a6179a82b2dd7309bc8618
SHA512

c179737ec80d8ba6297b8fb8d01ac5250eef55ee6edcc46c53d4bfd071410653ac7524729a8516bdecb710b68b3b4bd932c6ef7d9130b6feca2fede50515d351
SSDEEP

3072:QOQWMq7+69hGoU2uziPKW5p8Ws/IGIgFWkiE9CV0m2CXdL3ig:Q07+L2lPX8Wsw5nkZCECND1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2400	AcroRd32.exe
2400	AcroRd32.exe
2400	AcroRd32.exe
2400	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\43dee8bf-0bb1-445f-c536-08dce2c305a2.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
86dcd2b6eeb7d36f2d1059dfa10ae356

SHA1
1cdb1b5b33bdfe1607c77184c468b9f7e7394d4f

SHA256
71b3747e77bc70df4685664563f7ec50905ad727c5ab23e83f79d166ff8a5615

SHA512
d291aec82379ea740d35a108048af3cc1cb02be25f74040910fba58fa9160a2ab7997a83c5e3d9e2535868414415dbd9ddca8f988967d5c96f61421d53ef9d6e

Download Submit