8b9cd58a2169bd8bb8e6df5c2eab9bbb6d27f932ac349ec1fc858da4f7cc272d

Analysis

max time kernel
95s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DAE_817577.pdf
Size

101KB
MD5

016f414b25eab98b653fa9c1a616ca29
SHA1

9c25d63a41d8d2a07556e0398d640e43a4a2c91b
SHA256

b751a7249a5b7cac58c10c94c71ca926930d61f2ef75cbcd526e21f5d703a1a5
SHA512

cccce507c58c923b92ef6244ccd093323cdf8ccdbcc79a4f62b5bebc45b330598e721b6a5586885b451aea730c0d62e3c7ec43b15700f7a760389fab102507f7
SSDEEP

3072:NyvILBQRNTLV7NTE5Uo6gt5XqKS0DmtYMDNA9w3JB:NyQOl7y5UoznkqmC45B

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2348	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2348	AcroRd32.exe
2348	AcroRd32.exe
2348	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DAE_817577.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
00019f28d734ad5c7c5ad17b53dcd542

SHA1
4939bcc8736c374bd5d5576e10b4b728afc28fbb

SHA256
d25e09312e26e99a02b3094c0ab3b8c9ddf5a58931d5ca3388d975506b126642

SHA512
f9cd1b0396c46a6f6f52f5965b966de953e0a9340b63fb1651cd48dcd93b6d8b9fd17701834b4bfaed62ba6dd585820b97a94bf73a275d69dfa8e855c918998e

Download Submit