b645d07989961bdb1bef57fc71d281fce154620b74e2895cb2d1b2dbabe0e64a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R4ndom_tutorial_9.pdf
Size

641KB
MD5

cae4681b9b218d635ce8238eb2506d6d
SHA1

98743e335673ff50827ad740e5c0ca74d89bbe91
SHA256

ff7542a29301d316d6fa963d5b4ad92b1a9c51f30c03722fa1016b6d9035c661
SHA512

c42ef0da85cefb60051de2a104f9dafae6880f30c4c92c4ef595b845dbbcef52729716f0f4be5fa5a1a73481ac3ca2f96177c769a2e95db2dcccea22df67ccd0
SSDEEP

12288:q0p7xK4vyvGKQbkjoqQku/zzgJTZxgyx5hfhyLbs:q0plSIbkjoqQku/zE/xBhAPs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
868	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
868	AcroRd32.exe
868	AcroRd32.exe
868	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\R4ndom_tutorial_9.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
061fc423be5daabc97493d3e7b823820

SHA1
7b12029f5ae99bcea0e3c360921c0e9379a6b9ca

SHA256
3a5cae189382616f9b0ca6e8a3f1f4700e583fec0133e9b61ba7c388da410b36

SHA512
1c189492238158faec1a7a236d8c1a8479371a4bf2cffe78438c32b4f46ebb97143228fd9ba65d24f8852c9f9c230e0bbfb332441d17ffd1478de0f1c2ccbe4b

Download Submit