c41ccfd36909d89511d7fb6c01c591001837756ed59989259fb26708de1f0560

Resubmissions

14-01-2025 00:18

250114-alxjystmhj 10

14-01-2025 00:15

250114-akemratmfk 4

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-01-2025 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resources/Data/info/DIC Swatch ReadMe.pdf
Size

313KB
MD5

d93ef87527d57035e3086b88ca853579
SHA1

18b7fcd3f9e33a219d81d0eb79f6895d9faa405a
SHA256

9bac190d3a0beecca4c19d298d553c10300da1b753ffc1f9849ecfd4633018db
SHA512

ac9c45402f754bbdfd958e0723184a9e601e265a107815ff2b1b0f9a95e021e7de0095a7fd3600d77dfa0f450c2b8eefc3461cb9e756168550f338d056472c06
SSDEEP

6144:F9mr0PklFsXGsIADM5rVU0QMPXBNOMiRK6sUsEMxlRoTGIbEqOFhzNlp:fmrviGrkyrDQMvWdY6sVEY8bbExBp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2644	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2644	AcroRd32.exe
2644	AcroRd32.exe
2644	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Resources\Data\info\DIC Swatch ReadMe.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e7819826ee0aced4e7814fe55cbf96cd

SHA1
03ade9177f926eac7eba9d1566fc7a24dc04ef89

SHA256
c9f23cbc19a786f8a6992d794b1b6921c9b5f1f54b7ca68c88d3bea0813c0754

SHA512
7e87aea3a0e38f92facefa15b66201093c257e032bbe82d503ac9133030016b970922e82826ec6bd101a540f1ac1724be705cd59569f9c610443d098e29d97bd

Download Submit