ad6a12151fec6d98cc1b2b2b81a74f799cde00a6215c4cc39a6cc305110be8ed

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad6a12151fec6d98cc1b2b2b81a74f799cde00a6215c4cc39a6cc305110be8edN.pdf
Size

189KB
MD5

9d1a201565951571cb23e36acee98110
SHA1

eefe904206e66619db0443ea87d5b573a9838e69
SHA256

ad6a12151fec6d98cc1b2b2b81a74f799cde00a6215c4cc39a6cc305110be8ed
SHA512

e050802ecdc746c77ab79d4821512c5e5aa02ce75f44e2c0eedcc447f0dc45914c433f6c90e4e4b22ea4179bfbd2595d384b132f1bc4b81b7d2d645e83a7bfb1
SSDEEP

3072:FAJNR+8Z4nkGblpQqzgQx/bsfFKt9lhVRLh6cXSvk9MWFWWV63zongGkrb:FC48+dHbtsfFKphhngWYCyX

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2116 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2116 AcroRd32.exe
2116 AcroRd32.exe
2116 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2116	AcroRd32.exe

pid	process
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ad6a12151fec6d98cc1b2b2b81a74f799cde00a6215c4cc39a6cc305110be8edN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e707742355c804ab6c14e6293a80c295

SHA1
13024027d941db217fac762055a0204d65df699b

SHA256
03c4a377f066a9b13fa2c84e373018adff42dbdad7deb09189270befb0954995

SHA512
d8d23eb7972eb66d8e3ae4ef9f85f25357a496995cc17ebade300fd6e9594a1ef94228b3502abf7618f89bc56ca920379e17efe9e6b7219b87ca1e504eff5e7a

Download Submit