9dca05d456e7a2f665bc3d92c883574754718441a6075de6d09a918e67ae1035

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unlimited Stealth PayPal Acts and how to Cash them out.pdf
Size

51KB
MD5

8cbcfd4f65421379598628918a5c6048
SHA1

cff70e9a589452810b997081c7dede8c30163e40
SHA256

29426b26f770333e3ce92e61ba0e6c6508679655a023ec64185c32e5ec534821
SHA512

accb1ac7e99c3b65d7d72ec5365271ff01fb04ef02b07806a1da1f52371c141bd46cdaae3920ff01940656fd8d94b0bc1511b976a7059d5f4c43cc1934b931ce
SSDEEP

768:uN2QunEdL3/uh54q+gideO6Jd4irWtuZbMLCpMfEnOZz2BhGSc0rfpR5j9BktMwc:utL3Ghn40BWMZ41s/hjc0r1xBktMwuSu

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2476	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2476	AcroRd32.exe
2476	AcroRd32.exe
2476	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Unlimited Stealth PayPal Acts and how to Cash them out.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b05a81baeb1b3ca7a59a49d9344f97b4

SHA1
54161124f40255586804336b353ca6ed51fbf464

SHA256
0767ecae4959e5274e64e63f3e63e05c87b2674af023fc422becafce204dbeba

SHA512
8e95f1ecdecdd5b172813a4e25a760d92cfa6e81f9e112d5685a130e717f8e25eb17b71f7f5ed05565a64df8be0df4e406ab49a748172692004c38fa10d683be

Download Submit