8f07627b07fe105dd935302146e6d24ddacf51ca3b67d44b4744d2359601a6ab

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f07627b07fe105dd935302146e6d24ddacf51ca3b67d44b4744d2359601a6abN.pdf
Size

515KB
MD5

b97f9b30f15b15be14aea433e30b1910
SHA1

fed5a824de460ae83b8d57e4a73641d93511fd6d
SHA256

8f07627b07fe105dd935302146e6d24ddacf51ca3b67d44b4744d2359601a6ab
SHA512

d06528948c9335a4fb996d65a7ac4adf14fa302d787e1d2d3741021db03d1d0aad1f0a3b1910c6ce9a887b5c57ccb411168e4f7713666bdf173a8f5702ef07c9
SSDEEP

6144:2maXlYeMiAiO/cZXrQ9zaXlYeMiAiO/cZXrQ95TsJq4U/WWu1TFwOiysQVpdTA/J:V7eMiTRrS7eMiTRrGTcUubT3iZYzL6

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2780	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2780	AcroRd32.exe
2780	AcroRd32.exe
2780	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8f07627b07fe105dd935302146e6d24ddacf51ca3b67d44b4744d2359601a6abN.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
de5c29207013e35ee6e9822afd5503ab

SHA1
c05b3048d22c75b2ec6be2bc8aa6b284daf3c2f3

SHA256
735a5b2042aec2194419fbeed82eace2215b3018dfe2439e5b0e7c77df088f3a

SHA512
4141dff0321c589d9c3c02b3c7e10270ad79d52e603eaa93592ccf5853b53b01f8186668601188e50109c56d01a917e1865b4adc3c063126eef89c174d070b85

Download Submit