Overview

overview

5

Static

static

3

404995b3-4...e4.eml

windows7-x64

5

404995b3-4...e4.eml

windows10-2004-x64

=?UTF-8?Q?...?=.eml

windows7-x64

5

=?UTF-8?Q?...?=.eml

windows10-2004-x64

1

email-html-1.html

windows7-x64

3

email-html-1.html

windows10-2004-x64

3

=?UTF-8?Q?...?=.pdf

windows7-x64

3

=?UTF-8?Q?...?=.pdf

windows10-2004-x64

3

Cert_'agos...vo.pdf

windows7-x64

3

Cert_'agos...vo.pdf

windows10-2004-x64

3

Contrato d...to.pdf

windows7-x64

3

Contrato d...to.pdf

windows10-2004-x64

3

Des_'20240816'.pdf

windows7-x64

3

Des_'20240816'.pdf

windows10-2004-x64

3

IMG_20240823_0001.jpg

windows7-x64

3

IMG_20240823_0001.jpg

windows10-2004-x64

3

Informacio...la.pdf

windows7-x64

3

Informacio...la.pdf

windows10-2004-x64

3

Recibo agua.pdf

windows7-x64

3

Recibo agua.pdf

windows10-2004-x64

3

Recibo luz.pdf

windows7-x64

3

Recibo luz.pdf

windows10-2004-x64

3

b0cbaab0-9...c0.jpg

windows7-x64

3

b0cbaab0-9...c0.jpg

windows10-2004-x64

3

cedula Adr...la.pdf

windows7-x64

3

cedula Adr...la.pdf

windows10-2004-x64

3

cedula Fah...do.pdf

windows7-x64

3

cedula Fah...do.pdf

windows10-2004-x64

3

email-html-2.txt

windows7-x64

1

email-html-2.txt

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Resubmissions

23/08/2024, 17:42

240823-v91xhazelm 5

23/08/2024, 17:33

240823-v4v43azdlq 5

23/08/2024, 17:08

240823-vntw3axbjb 5

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23/08/2024, 17:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Cert_'agosto fahir nuevo.pdf

  • Size

    131KB

  • MD5

    470de24a7e502c3886c1d7aeeef70da9

  • SHA1

    45bc5f927e0a45f645564f16449a1f2905098ae9

  • SHA256

    61d41027219fec10cdb15a4d1fc83a8517845a4b15c301a90b8eb09c296012db

  • SHA512

    29110ab15d5828300f9b9c3c817e73f3888397edb83224243af6734b003e31d127f2a9cc4dbad71bc48a59884b802be8669fc4d8c376edc690e763ff9edf2231

  • SSDEEP

    3072:llkKSnNzifG5iWih64YUE2PDRUUrMUYy7l6x+tRA:NSNzQhsUE2baFUz7lEqA

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Cert_'agosto fahir nuevo.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2192

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
          Filesize

          3KB

          MD5

          20a4002e0b0907f4e3428250bd6a55b7

          SHA1

          5e9095a8b5c839b680922c29a8bdf344a7a56cd1

          SHA256

          a420276a2f776174f32098f756ada5f6ffa3763585e88dc04442a167c9019d4d

          SHA512

          490f4951bf0eff556047f52f175f881b7000a064261ba0edbc1796ac691f1016a82be319371a8611c84be6c57e355127fd860b878c91eb1bc398e91a881e4172

          Download Submit

        • memory/2192-0-0x0000000000DD0000-0x0000000000E46000-memory.dmp

          Filesize

          472KB

          Download