b5425ad64313b8112914a9a172245ea6532da65ff113a06cd8922d6352907869

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1-808.pdf
Size

104KB
MD5

345f0d46aff9906f32d2005a54ab7c3d
SHA1

b3a88198547d574193b982aad87c933656942d98
SHA256

1984322d4768d38a822dc1101c6644857cd3ef9b8a1ce7cf5db4ac74cce37ee7
SHA512

52a116a15327cfdce4306664fa4b2ca1b7b1070af35e5c1f83a586f085d216ef63c2f597ecb87444963f4c9893ea1a16483c55d7e4287f960c3897f0865b6abb
SSDEEP

3072:QASKT2Z1YASKV8NASKqBZASKEhB7ASKCi:QegYeiNeueS7en

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2136 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2136 AcroRd32.exe
2136 AcroRd32.exe
2136 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2136	AcroRd32.exe

pid	process
2136	AcroRd32.exe
2136	AcroRd32.exe
2136	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1-808.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
453b550205db63c80754b297ac65f66e

SHA1
0c4d1fb733c40ee962c71ccb93fc70558be957f9

SHA256
bf64c6a59723f5ceb2abedf8c0e50dad7e9f4188c3741375eb7716e8762976fe

SHA512
fe788a902b482b909fbb5f7af86d0a44d0bea08c6b406d7a0a07286ffc092d9a3461326fcffc2927863b360f7577501a1c20e966471d42ca5fb0bf164c6e48b0

Download Submit