Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
09-10-2024 08:15
Static task
static1
Behavioral task
behavioral1
Sample
Order Nº TM24-10-08.bat
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Order Nº TM24-10-08.bat
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Order Nº TM24-10-08.pdf
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
Order Nº TM24-10-08.pdf
Resource
win10v2004-20241007-en
General
-
Target
Order Nº TM24-10-08.pdf
-
Size
4KB
-
MD5
1c32d785398e3a7eaab0e9b876903cc6
-
SHA1
3dad168e79bc7f421760c98a8b6be2e1630a63ec
-
SHA256
0622971147486e1900037eff229d921d14f5b51aac7171729b2b66f81cdf6585
-
SHA512
29dcf27ef3326bdedabce72038ace798a167d8c2c4bbba8764fc24be4dc5f1ff6abf3e70d7d5b9df112e7f0d53d51fa61462adebd05ce2b0ee0705ac11295bc9
-
SSDEEP
48:PBtPTwN8gkyvqPQD5CUhrFqzmPtskP2cAcaBnLqFvVxs3LF8qn9KyGg:plTwNsymhcxvP+kXFynLYV+RlhX
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2932 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2932 AcroRd32.exe 2932 AcroRd32.exe 2932 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Order Nº TM24-10-08.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2932
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD592f4f11d88656a1a4e4c1a0f178a8d07
SHA1ea7654d2f901c230cf17b8e336ce5bfeee7153c0
SHA25637df9dc03f48f0d7ce8bdf64d5a86ef6eec468a183166712ed0db9aa3dcbc1fe
SHA51221509249971370f90c24ea78edcf506a0824f57a37259e8c93b8415b41a60c13a5543184eee60486e42b74bb4ad3ee9bb6355309dc3a277965101b7a3d077e8e