6fbf5abab7dbd2ed8c5b626b4b06162cce1831efe2103ebe96043db72dd61269

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-10-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vv/vv.pdf
Size

109KB
MD5

fe8882290d7fa1c4dc489075d16f4f93
SHA1

47bede05a2c78125b45890887acc28e2fc3f3d0e
SHA256

04266bd9cbc224c4f1ca78dccf0ec7c48ba81346ab55303fb9d49d3b55c3cc61
SHA512

a209c1ab3d6fbdaa4d8ae944cc53fab21ef1c7ccd744feb8bf81a4e7f72067ca5af90c23de3084d5f7e6748e4b78850c8930793645ad7aa92eb36e8af3a6e36b
SSDEEP

3072:hvo+TSa0iwPaCwxxZtiJeZxUa7i3aIbWm:hvo2LjwPpwzVpu3km

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2148	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2148	AcroRd32.exe
2148	AcroRd32.exe
2148	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\vv\vv.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ab8febf2eac47293264e80779f8f951f

SHA1
6b1965d931758b967278986099d38775f5d9e2af

SHA256
838e9e83a7ee110777fec937e48e732e577b251df6f173968b921bb8a1f2ab0b

SHA512
5a6e052c2328b53f625ec59a8ee02ceefbb654ee15abad2fd9853a3046ffbebc321f2f2957792ac2a2760aad6cddcfffac3bfb785dd79d0a64ed51fb8fba2cd3

Download Submit