38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc

Resubmissions

06-12-2024 10:33

241206-mlpwbssrct 10

06-12-2024 10:28

241206-mh1tessqbs 8

06-12-2024 02:25

241206-cwfeja1mgn 3

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06-12-2024 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf
Size

16KB
MD5

e51378e49d1aa79ce88c018d748a186c
SHA1

d2e31a96af911a0cf932ec860ce839e254fbd5c8
SHA256

38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc
SHA512

0f28b75712bcc9307e8bfe0b9c692cf1f582c957a718dde3eed7485c4e050075ef45ad49f57ade1536ac6b4c6418a26656318bc630156936892fd2c999fa0604
SSDEEP

384:9q3MsrhjEN4gQ3micNexY27IEPCUSkSaHTeOHAgJlATCUSN:9q3prh04d2aFU2dHTDHv62

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2652	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2652	AcroRd32.exe
2652	AcroRd32.exe
2652	AcroRd32.exe
2652	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\38f8f20eae06e575938ffbeb64e31c9310e8c0ab50a2bc231f3aa9777abc3dbc.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
7dbab9de3034800f9654c1fda169f2fb

SHA1
e44bc436c13ca7de22ed1215e9e0152b1d406442

SHA256
57077db795fc1ecad3384a7d9481d9dee086ba5f5ef17e8fa5a2be40792bf747

SHA512
ef3ef8f76e9465b0c5604e6df3bf06cb699a016a318401c4a6f86d2a7dd143a6c0d20312315e4bab5a6207a31b68a1e518e92bb4048b76ee3b5fdf3765ee2ee2

Download Submit