bd61d03465cd12c36b5790e27589fbecf82440694461f00268c8b096dba35302

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

I.C.T Introduction.pdf
Size

4.7MB
MD5

41cbcc48700c04401beb7aaca42a71a3
SHA1

7ec65d251c5b0dfbda4c805fb6e9c43c2c11c220
SHA256

bd61d03465cd12c36b5790e27589fbecf82440694461f00268c8b096dba35302
SHA512

0814d63f3a308c4f16549ac61ece4a2cd15111b7ae3d9c69308e0dd34861c75795c8b1deac8a4071a6fe1491857489c35dfe631e3a2bd24a44d7ff43dc59f716
SSDEEP

98304:tXx9VVV921ETuTwATeNT0uVO/Vx0ipar/fsEYgOc1tKi:geIQPm0iErXsItn

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2956	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2956	AcroRd32.exe
2956	AcroRd32.exe
2956	AcroRd32.exe
2956	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\I.C.T Introduction.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b4c8c50b7179f0bf3aee6c33d5ae7318

SHA1
086858ca7acf56d1addbcfa19c15ec30d6ee780b

SHA256
86ce968158a4989abbb9c21a86d2271d10ce78dbb2c3971de550e0c04a98c9a9

SHA512
ba601ef55ae3da9a9c749fa41420fa4b2cf90e36880fda5f16732fcdce5e5e6e6a014b55bae11323e455947f1a955d0772216297785a6a69506849c451091c46

Download Submit