1ee66c037e2d69cd0748c7538116f61d68df5fcd2c2e1afe8f2bcc08ed2e6233

Analysis

max time kernel
1556s
max time network
1561s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mwalker Payroll Increment Bonus Sign&Review sloepm.pdf
Size

47KB
MD5

a7be02e362c323b07ce5d4e2bfecb5ce
SHA1

2670970f5298f095e9c151660eac1ee1094566d6
SHA256

1ee66c037e2d69cd0748c7538116f61d68df5fcd2c2e1afe8f2bcc08ed2e6233
SHA512

db60d7208d49bcc7ea1d9b45b22b20dd1163222526fcb2a5f61d043da8e7e40c796a228962d22d3b82910ff294e3c9017a27b3b9975eb4ef10c185e4cf29a9d3
SSDEEP

768:WQT7E8oPnVPaHvASvlccLlfufqz+8nyYEzRAQDAQ1z7O76Zq:WQT7d2kvASvO1U+8PE3DAQ9m6Zq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2260	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2260	AcroRd32.exe
2260	AcroRd32.exe
2260	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Mwalker Payroll Increment Bonus Sign&Review sloepm.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
5e640ccc510fb990a1e1a4432f9b1ba6

SHA1
b628c665cff08f0b5f8a8da79f81520b28d88a2f

SHA256
afd7112eb63ead5464ae16d4220671d5bdd33e03f8505a10d18adeed44f83a32

SHA512
78a41c502dbafa0ed36459fab39d74cd7b38b69edba0fe617be47ae5233a4c353d9bd0276a0a98897eb8713943c6b48ee1cf79714fb6ce1c49d977512ec5019e

Download Submit