70b5306a7ac68e2b07177f5a7d398013f4d1d67d7508f3b64e9eb3f1cace50d4

Analysis

max time kernel
23s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

420-23015-24_від_10.10.2024/420-23015-24_від_10.10.2024.pdf
Size

8KB
MD5

a60099eacbec024584b46b7fbc9bf7ae
SHA1

8f974bda924571f5b3a7c6c53f82facd200cb6dd
SHA256

c0881315d785f5045791c1511e5ce4336492227f94e7b049ebd521df80ae5f98
SHA512

02d2a99b8277cd724c1677245e1eb30f8772de4248a1102da6ca76056f5da7822e751c23a62ead9f196de80becac8a1e01a1d11d46f43ce2b87bd54739aeb19f
SSDEEP

96:ey9TfgBTG3Xpe54KMesK4YUI3p5bXkxkMSL+RekxkMSLp2ejhO2ejhO2ejhO2ej+:39riG3XY5/sgUex1dbfAfAfAfA9WhVze

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
804	AcroRd32.exe
804	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\420-23015-24_від_10.10.2024\420-23015-24_від_10.10.2024.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9c3159d31716896623c7cee2b12be617

SHA1
9b499a8ec0eea3073ed35f90a84145c1a3f48a93

SHA256
62fd4feb009985abb7e99fa1f571bf74884802dfebd139ed4e758b0cf617642c

SHA512
788851e1eb12ba16a4c929098be60f112b8bded8d23bcd4d92ee6c786687659e4135914a1b75bb4db943febb2238030c76d8c9302771a9efd496ca9c8f7098bc

Download Submit