Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:15

General

  • Target

    Factura_780560.pdf

  • Size

    55KB

  • MD5

    99e3c3f4db043d0e4631ccf4f5d310f5

  • SHA1

    d6cd44b1dd5df589d3571ce1ed3af78be47d4c85

  • SHA256

    5232758a9c453cf6ccd8c348f42335dbc8fd0c2ed9d7da1a4838a63dabbdd983

  • SHA512

    b0eda64a080d5fa0ab2a4e363ce16f4f5cff3ed2d305bc85dc4c68e371c69ed6f3c34cb910b71748c61ced93f0dcaf1ad3035a281b2debac1abb80d29e0a3500

  • SSDEEP

    768:EfTcU/Lbzxy0Z/lSjgOviIv0FhXzHZALXUN4qJ5M1Ccf/TvF7:e7M4lSEOvNGXFAgD52J7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim host in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Factura_780560.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://facturas.duratex.com.mx/Facturador_En_Linea/?id=9340&code=YnzUHGFGMidHhXgrgNdBEFPgUTuIMintJgFEpQToXFhAqWRpefaE
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:856
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1620

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    1506be16602bc79a133af3c7c0bd300c

    SHA1

    0fd096b67ffe4ce618107aabb5aa060b4cde04a6

    SHA256

    e00209ae5c7b78e655d6300c653f23d5fd3dd2f45161b7317e83078b3153591a

    SHA512

    de04013b5d90d85021ceaaacf4e0773e3eaa3976575c12cddbc8e946d085c910fac28bd06ba780f6483b21f87ff94371c94209782c7acd49916ce70fe9ad3742