cab5e1024368615f5fe73529ba2c8eb97969dc721ea8d78d8257bc934ec93455

Analysis

max time kernel
90s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cab5e1024368615f5fe73529ba2c8eb97969dc721ea8d78d8257bc934ec93455N.pdf
Size

239KB
MD5

a583b020d9b903d026b4c6aecaec7fd0
SHA1

814f945537e9c7e18b7e8e38e09edf14956498bc
SHA256

cab5e1024368615f5fe73529ba2c8eb97969dc721ea8d78d8257bc934ec93455
SHA512

3fcc986e668614066c1f6935da0adb2b9458815c10e4432a77e3b2542fda98cf2b4fc3017d2449d59768757e924d90cbc78bb5a47135c80547c46efd4e50218d
SSDEEP

6144:UAvNhaKhal0xc1nuG7xXENMCDYJJsWOIsKK:UMGKU1nJxX/C8jsWOIsKK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2412	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2412	AcroRd32.exe
2412	AcroRd32.exe
2412	AcroRd32.exe
2412	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cab5e1024368615f5fe73529ba2c8eb97969dc721ea8d78d8257bc934ec93455N.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d5b48377b00923cb10d672a8140205e6

SHA1
55c86802d237398da6520bd88b0e0bf04a3ca328

SHA256
c135b7ced3498a7aa4bc22cede2806f4c580a019b4f7627b4c36066f41e661e2

SHA512
106ae9d786b1de2078b676a27e3fed109ae063628e56817488a272aa6caa764ac28ef06e3bbf483750cae445bbfd26002f3c316e796aab44d53d0038196d94d7

Download Submit