2d08691a89ccbff1f599ec57baeb99d1e57770cb513ed7f436b6ddedd984fa14

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d08691a89ccbff1f599ec57baeb99d1e57770cb513ed7f436b6ddedd984fa14N.pdf
Size

344KB
MD5

2a53087953b2d2b997d52a5c52af99e0
SHA1

e2d225955cfd87333859f2e6cb6aeb54ee9431c4
SHA256

2d08691a89ccbff1f599ec57baeb99d1e57770cb513ed7f436b6ddedd984fa14
SHA512

1784b11f356d9b59bdb0a2f98fa2fdefb932e5a48bf2c49b3bb2bc7d755c200cbd318359ef831a66c9362ac691c10d8f02980d1d891de58dd1ab4e24f6fb828e
SSDEEP

6144:2lteaM6IO+H6PMteaM6IO+H6PiUuSc4p9b5k/c8jdViLsC80k3ZqnFJDVLBc3OlL:CGyIGyib/RjdVi4C80kJOJxLBc3OlZd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2452	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2452	AcroRd32.exe
2452	AcroRd32.exe
2452	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2d08691a89ccbff1f599ec57baeb99d1e57770cb513ed7f436b6ddedd984fa14N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e7aa3b0f0901d942827bf82ec3f7f643

SHA1
bcbcfa919f44a87d1fe87fbf6d4f9a3affea433f

SHA256
76a654eb027e880b260908578756f2ccc7ccc64600c3fb8c34417de2c13e8238

SHA512
78d6b8765027c287ae28a6539fbd46b209f62970bdd65f1936df7832e4706ed1c275e7c27412e78eb9a1da6f87d9bf96db03277118037a168f976ee48983af02

Download Submit