1cb6ad7e145fc1ca37eb9007d2338a68d51a5dd960d99a560f1d1eed218c194a

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-12-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payload/Spotify.app/Assets.pdf
Size

5.8MB
MD5

9d2063aac5795cd88b9041dff54b8d30
SHA1

423c473f9c426fd18417171787fe33175726b467
SHA256

798d08a58f264b82c8f508e83c69b268e7aca8f6461f9c062ee42bb5380f1059
SHA512

483cd8223fa98397dcaf3e1e49320ea2b1a0a9e419b67d94a6ed9228453f16e1df994297180594a4b478944738e0e209d61045981461cc4ca4f37c960a7b54a1
SSDEEP

98304:75T2VaQZbkGgYkPtiP+BfUu6/BeFyZzCuYMywCVSef9FelRr90oQ:75TypkGFq7BfUu6AFSCuYYNcOh9XQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

AcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid	Process
2112	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AcroRd32.exe

pid	Process
2112	AcroRd32.exe
2112	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payload\Spotify.app\Assets.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c7b2334d481bec38c99efaf4b1184c54

SHA1
58939b260647c5db39916d1bde1af319a9a28718

SHA256
e96d86ac8c09f2fa7a673b225527032531ec5fad544abf0c8f76c86ee1d159fd

SHA512
e5f2467065af1829713d12ee3ce9f8388ba7743ef8892202bbe441902eb2126a08fef14c98643c72508e77e49abe7b1060bf0ff415017ed3de0ae23561579ed4

Download Submit