fc7f8cd35ed09e76e7837fef98d471ac469d790d15631b65219f435e5e816e5b

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ICT Genesia S.r.l. Fattura.pdf
Size

75KB
MD5

1adee9be6f529be5318f406ff5273d32
SHA1

620f67a01bd99e256341cb2f0f846fde53d9b09e
SHA256

ff5f9f8b06b87e619cc7ef3e9d8f8d94bd54ab80e14c9295abd5a1e58de2758e
SHA512

e2089309c7decb47d453b76c9f30c71f78524fc1357386fe61ace873a2c07b4571399c2ffe6d8a63945ebe0b5ebdfdbd6e1030c11ae862cefe7bcab636831d4c
SSDEEP

1536:AmvwTVac1OIb95dFjZymtToyMRuX2L8NVEh5hUoeqksmyDFpDqO37UP:AmIhdzb95dFA9yCuXZVEh5lkbyDP7ra

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2648	AcroRd32.exe
2648	AcroRd32.exe
2648	AcroRd32.exe
2648	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ICT Genesia S.r.l. Fattura.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2648
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://ict-genesia-s-r-l-onedrivesharefile.degestmfg.com/
  2⤵
  PID:668
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:668 CREDAT:275457 /prefetch:2
    3⤵
    PID:836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93c984f964b2321d79a9711a35388e90

SHA1
9566145d69d8c3b56751f41e4249977cce4c7946

SHA256
207db3b29309f253b54e3c3026fb54c1ac54574731367d583916aad756fc0b17

SHA512
d6b71eb7cda0eeba5ede94e8031bebe5f18addc2a1e212c320f21257c74922917157036a97f008a6aa402b42b3f5d23a89c09f4453f2e32997e19f2f32d78a74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a951831981985870104e07de7694a079

SHA1
e6aa71ff9fc1eb38f4f0a6e2a063b7c12e8a8907

SHA256
ab8f6a7a1dda601b9874bfac8670084cbb6821e116a114d6ecc38aa1808a4442

SHA512
a2c019a4d4933f0ec93342093ef644263f86747ec84f9d8170305218c182ffb197555b600c3acff74dc6ea336b525b416d64c63974af7ca70a77645aa6c8ebf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a78ee1ccfcbe0c689610cc4cadd5849

SHA1
c3913812ddd8afab2c112d66c9bfda2044ab2662

SHA256
3a32933c34f0cfce5bf913f5d9ddc5fad8812faaa7d85c05d587ac5bb89e5af8

SHA512
ba59ad8e3f204e26daf78fc1931ddff0647f750355f369531043b99e75ee7428b5a5456306864275398e0894290ecd1edfeab918fe4f7941f465b960b471f11d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
917d38b24ec35b4c3b9963d8739520a7

SHA1
7de6be8827b50a1f8c994c87f1436b1d1ce3afbb

SHA256
18f73637088b5167440f315a2c72ab7790710d1d82144ea78e2a8e917e16f4c8

SHA512
546063f0e3584787520282f9c61fd9a259068ae7ccea5d8320dcb5c42b6614698cfbf2dfb536738dea6783b90aafce5ff8600320748d99c173a2e0c75e7139ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0fda482a6ebe7036d57fc362c46d8d5

SHA1
7f23612d6fafbb78e25f4dd8ceb664267262f861

SHA256
e4d9019028503eebd37de97d59f07200e1d25bbacf2d96875b3e70582457d458

SHA512
6f51d52acaf3a4709e3ca7ef773f48f5d8628cdc7974d93397e6650aa87444b3d6aef37caaaf1cc38c5b8e4bebbe7ca08ea5ae4a8b179650d544c54c89edd685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75a7af8e6e3b4d9eb2a8f54296d267ec

SHA1
142a3cbab6f4e2646204cfa20c16e1fdbd0c9416

SHA256
b4cded77ecf540ead268ca0c07a89601a6a421481be975853d421e8267f8b7e7

SHA512
89ed69ee29281fe57b89c4305bbc24d0d0298b5347e1bf512de7f98d0b2d45cd98f00994720c07228dccf8667e0d93b7714df0bd038f231e7252a6edf7609c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcef893c2b45f3a913a64d3b691c88fa

SHA1
16745b712e0d2b9a4ad2e47e7f1c31899a78ab70

SHA256
4a97632f3ef8ae52d8111a2bdb0405db7a8b479fe5a76966e394801ad23457d5

SHA512
442ff9e1dc8a2180276a0f8873f8fea4f897d02caa1d0eecc55d2b25ac4ad851d6e9abb29806be3a58b548722123608f6e61f074db50eb63860bb33b1209c0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25a2a1836c67b816113be0bbe794d828

SHA1
0177a106cdb3d2345b0ad5ec1da8ac86fcf13bff

SHA256
93805da0be1db854243138999215026ade5d3baedb209ba7f85cdfcbfda43cd4

SHA512
b7bc0fd824eec22e38a50d5d1871d8ad47293091e11eecded53e7efb8f717b20b663405bf9a143bb98731a0e8277d5ba9d8a7e1d985a636526f8b0cdb4859a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCDCD.tmp

Filesize
45KB

MD5
74c4276655e536a35034e759ff21e46f

SHA1
2e0ad53618ccf78995954bd06673a2b1f39c0f61

SHA256
93c35a699d5585cccb050df460ad50df599b1e14cc69ca3b8ab569ee86dd143d

SHA512
50a80c3773cc0d7439e3e74712dae6b6d0d5d71df0d3978f2dc04527c8a9ebd2dd5f1c5465ddcb1c852e68fee4e4bd778a44932723828c427ef1e12c8c3063f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCDCC.tmp

Filesize
50KB

MD5
0054275fbb082e9c5b359ba4501d9e4d

SHA1
14f223454fc5d0b0f4ebbd36d39f741eafc77f30

SHA256
677a6a663ff0f785f42b39da93ae49e95722873c3ac546031ffd088d7eadf528

SHA512
da3bac4f643e8d7bebc8b5d7787fec74b8b53d552ff8ec376e136d0a23377771e51efafbcf04e7f0f2d14ebacb94b2495b005bddb3e1cfc6acc21dcaa819dbe0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f6f3d7a1699ca99ed138618929cbc9fc

SHA1
c457636169d06f3b584876c3b4833bfece72970b

SHA256
56915bc13f6097988c6207be49f746f69c53ea62aa8e698e426d4d5894abb4a3

SHA512
56fd171f04f457c430c1f3f54d161b6f8847004bc41d680cf321a4481b10279e66e2b2f777db1f3526dd1a33c8087c0b2313e7d9708fe0282d3d49a7ac1f5792

Download Submit