9dca05d456e7a2f665bc3d92c883574754718441a6075de6d09a918e67ae1035

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unlimited Stealth PayPal Acts and how to Cash them out.pdf
Size

51KB
MD5

8cbcfd4f65421379598628918a5c6048
SHA1

cff70e9a589452810b997081c7dede8c30163e40
SHA256

29426b26f770333e3ce92e61ba0e6c6508679655a023ec64185c32e5ec534821
SHA512

accb1ac7e99c3b65d7d72ec5365271ff01fb04ef02b07806a1da1f52371c141bd46cdaae3920ff01940656fd8d94b0bc1511b976a7059d5f4c43cc1934b931ce
SSDEEP

768:uN2QunEdL3/uh54q+gideO6Jd4irWtuZbMLCpMfEnOZz2BhGSc0rfpR5j9BktMwc:utL3Ghn40BWMZ41s/hjc0r1xBktMwuSu

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2176	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2176	AcroRd32.exe
2176	AcroRd32.exe
2176	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Unlimited Stealth PayPal Acts and how to Cash them out.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
46e64f627f85cbe3a968f30ab497a62e

SHA1
269492086136cc8f108d4f5b0401bb0191592a6d

SHA256
cdbbf467f9362420edd47f171331b1f77e2c97e0148511eef9745165ffb8c1b2

SHA512
d6f93dd408b8f410f16a775e7e3830d430992904972dff384d1e9166a57575a0e36b51cd2a4f41fdd236e66595ec7d6d646ee317ac2256a33e506cba5e56bd9e

Download Submit