ac20e5694d94b5be1c424cec9d83720700fc2997b682808faf0f786970812e77

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03-11-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SeroXen/SeroXen Documentation and TOS.pdf
Size

389KB
MD5

268a35fc151093712fd931438266733b
SHA1

0cfe4de8b721ae00275f171874e975143ba4e5c3
SHA256

f3329fc8e298719361d0799fd3aa160ccc860fad1cdbf2d5b920370561079d24
SHA512

60f12acab903f4213b2e6f96e0e4ef4d19b4378d0cd18e86b736e1ef4daecbf18f926d298a60e156fce06d4af4121636133cc87d61ce7aed815e66240ed2cc03
SSDEEP

6144:gHN9PzWipJ6LIgy6WW9OyfnFTGndbcF7pVEtiOTwl/BdGqgZzu6cXmnV:saqcLIgySDYdbcJ/Etol2zu6dV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

AcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid	Process
2096	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid	Process
2096	AcroRd32.exe
2096	AcroRd32.exe
2096	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SeroXen\SeroXen Documentation and TOS.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
43ac40f0f8167913efd54aa81af2d092

SHA1
e42951669e6e805f12aab8daf60d87293947f3dc

SHA256
29745e8f2c4e2c080aed644bf32cd26f206fc9cca878f8b861f2eccecbf9e460

SHA512
a107b00d264efda0ad1e1c2589c23050dc260a555d10d0ae4c6af2ae8824b4af3260729929d472078db30f4ebbe807d783cc42948d78791056a2bcef6710a873

Download Submit