Analysis
-
max time kernel
94s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
08-10-2024 10:33
Static task
static1
Behavioral task
behavioral1
Sample
Order Nº TM24-10-08.bat
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Order Nº TM24-10-08.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Order Nº TM24-10-08.pdf
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
Order Nº TM24-10-08.pdf
Resource
win10v2004-20241007-en
General
-
Target
Order Nº TM24-10-08.pdf
-
Size
4KB
-
MD5
1c32d785398e3a7eaab0e9b876903cc6
-
SHA1
3dad168e79bc7f421760c98a8b6be2e1630a63ec
-
SHA256
0622971147486e1900037eff229d921d14f5b51aac7171729b2b66f81cdf6585
-
SHA512
29dcf27ef3326bdedabce72038ace798a167d8c2c4bbba8764fc24be4dc5f1ff6abf3e70d7d5b9df112e7f0d53d51fa61462adebd05ce2b0ee0705ac11295bc9
-
SSDEEP
48:PBtPTwN8gkyvqPQD5CUhrFqzmPtskP2cAcaBnLqFvVxs3LF8qn9KyGg:plTwNsymhcxvP+kXFynLYV+RlhX
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1820 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1820 AcroRd32.exe 1820 AcroRd32.exe 1820 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Order Nº TM24-10-08.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1820
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD5bdf4b196b56bd4f34dd9bfb2efffd6ec
SHA188b75f77b177ce223e462e667dbbca6b91e8f15b
SHA2569c66ac492238d43306ac796e1248b6734c61f8b41d5f6ed824a07827bf9dde12
SHA512a2eef91930f994a9136a4d6746061e68333e5cb2eff7b69b0ba3471df4ddf8d11ca0c6c37193ce93279501c16ef24f3de4ab7d588984bb0796fcfaed02927e2a