7d349a4f542399574898181f06575029c57ef18f1efbd91d5cc667d6cf9f4558

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/11/2024, 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

说明.pdf
Size

122KB
MD5

9e99ee5680201031ab6770955eccfd3e
SHA1

bf4c62c62e7282fab99bb88f93530a9944cdddc1
SHA256

1d223a0ffb1706a03ba0566303211c682905e420a3be5acc07f8f10e150aeec2
SHA512

e6988353479dbc8b1cf64371d9b41a477e2516cfb21712ee8ba684e85a217c02cc6fab2a350ac1cb26105d1ae4ad57e4a99d8e768832400ba2563c7ba28095c4
SSDEEP

3072:3sR/hHvp+YfEyC/uyymZUD8f7ocvPIH/j:3QrRyUwmHb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1560	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1560	AcroRd32.exe
1560	AcroRd32.exe
1560	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\说明.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b7e7ebad5b35676caade18386a8e1e08

SHA1
eebe0f63c23056ebc2bc5e0ab079186e1bed4b9e

SHA256
dbece5c556ce1e27dc8e87e9f6e89289156b5e74b3991fd2e5c3f8ab3d66144c

SHA512
60007cec9c855b4e0e069393bdf40bcd814e5483808391ee6ff1bfddd5627a868c17e1821546b36baf6fffa6ceeaa940d1c707687c9ece900da2a21b7f79533e

Download Submit