5a3e71abda0337d7f4262768e8112f9519b1ae16cd6ab635c20026306b62a451

Analysis

max time kernel
77s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27/03/2025, 13:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

attachment-3.pdf
Size

62KB
MD5

d6448c0c9afae5e15e3134d5b0e93f54
SHA1

ba58fc3b858df36e98afe42502e2baebcfd9162d
SHA256

cd487f592feb15043bada8cde460f76800e19f3ed6d10cf663a773151602ed45
SHA512

2c2d1511fee15bbe43c217d67c197655232e4f212334c0fbeb33ccc196a83dcf7aaf462819874749e4d1f674043ac0a0a9cdcdd0e7e86fe569f237ae8858cd2d
SSDEEP

768:1htzznlmMoNKiwbZCYUYzd5yzB8z9PD2AI0OLB4ni20xCWFzXC+tlZLJXh11111D:1htvRdiwbZ9Ui+98z9+7BL9rzZ9HYAES

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2324	AcroRd32.exe
2324	AcroRd32.exe
2324	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\attachment-3.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
26aba3637ad1c117c8602fced1966bc1

SHA1
6f602f9604ba50bc5809a4fb0a9b5c92d1c1c68e

SHA256
57af957c0906eda92bf3d4d93f15e04efd3c9b89294e100274663bb04453b968

SHA512
8cdfee816cdd8ec55d25cd6c616937d38eaff12550390e137abf49c58b3ed4a7b87ab52409c11dda102ba664f0e2168c9d08f213fe237471792b54843c2fea63

Download Submit