f0afd3c5c1b072f3df3b9ec7c021f2b449afc944fea5ea22935fb40a7336c0bf

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024 Tempexperts Benefits Open Enrolment.pdf
Size

127KB
MD5

81b04172b2f7ded8bbd45630b3df8a75
SHA1

2badefe12c8e5acc112878a58a3042a48c333c34
SHA256

f0afd3c5c1b072f3df3b9ec7c021f2b449afc944fea5ea22935fb40a7336c0bf
SHA512

b43586ca803db4f7712870fec010e112b642190f87af8d32f540815df7f8420f71197740b4ab76788101c8572c1fe6737da165e49c1a87a5204feab842f4f92e
SSDEEP

1536:H97JYi75u2lY0QgaaIPL+7ajzIhP2VU3SJSvsNxx1/tLI1jzs8p+V1plqcZpR:tJ/75bOvc6L+W/E3jsjDV8EfTR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2156 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2156 AcroRd32.exe
2156 AcroRd32.exe
2156 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2156	AcroRd32.exe

pid	process
2156	AcroRd32.exe
2156	AcroRd32.exe
2156	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2024 Tempexperts Benefits Open Enrolment.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cc79d3614e9d515df99581a5042bf774

SHA1
dbd2e6b961df33f7bade6ee304670f57e912aba7

SHA256
0777af31888d20379a7e8320b94f49e0c95eace85c35f690660a8b6b2334c88f

SHA512
29b26d9a73a26b048911ab7bd075da5ec0c6607933ec8cd18e02bb8d8f06014446f6e4abb9a3fa63d95cbf83018c54e1a2c563140fad68c59b03ce6574ecb285

Download Submit