7c68f1b5acf5293585645d36a8cb75f342f567c1a7356c2c9692501e6721a3f1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DAE_817570.pdf
Size

101KB
MD5

f5ceddd9d78218da56b21a6442d88356
SHA1

0b423911d3560da392d882321b79d5079d1c0046
SHA256

da430b544b0dd887fc705d86129a864b73334290ac523662d75e35f0466928ce
SHA512

e87d76c12fc563ba9ff233f8d04b0ddd31731d95ce601a0b9c94a74af861ca15b39b1277b62cb1b4cd32ac5da421287ab67c0c414d3aa912c4fb96d092c338c2
SSDEEP

3072:nvILBQRNTLV7NTE5Uo6gt5XqKS0DmtYMDNA9w3JX:nQOl7y5UoznkqmC45X

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2888	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2888	AcroRd32.exe
2888	AcroRd32.exe
2888	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DAE_817570.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0881f8a98bfac5828b752f52ed5b53f6

SHA1
98959ebd33936d8239350af5d391f99fa69b95d1

SHA256
03840f769625021cc46a2be9f690934bbe79e4f3bd859ea474d3b086b37f6e2f

SHA512
dd0d493bd9939266bafb23e85de28f95eaadff1fd07b4e8b856a9b21126551686ffa6bd9453a77a5cc8dc9169d26e54a8703fd18402ab7d48900418a187c163a

Download Submit