c66adf7234142da39340331f0052131d392e1b39df4448102010fea3a229e0f7

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AGENCIA PARA LA REINCORPORACION Y LA NORMALIZACION.pdf
Size

121KB
MD5

082724283f9daedc18128c0402f73f40
SHA1

ee3bb9d8a38f085b421e54fd056f82c7261bec68
SHA256

1c08a6295063cb302357beceb8a96821a3bb972d9f13d8b4c3cc03a218ce8535
SHA512

421eaa873e401afa728936ed993fff60ba5418123e6f7f2e226e7c73a32d74cba38e55d7cb9bfa2531fb5aa7fa0edaf50bc9bb33073e624566aea3b507e19be4
SSDEEP

3072:ZoS8FuJDSs0BI/zwhH/VssajX4UVa/MXYCaNIiQud1:18FuBdoI8hH/Na74UVa/MmR1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1820 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

1820 AcroRd32.exe
1820 AcroRd32.exe
1820 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
1820	AcroRd32.exe

pid	process
1820	AcroRd32.exe
1820	AcroRd32.exe
1820	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\AGENCIA PARA LA REINCORPORACION Y LA NORMALIZACION.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9b9cc2a3372673e04cba9c2b867d3e98

SHA1
3fb1c97e755ea0aaf7bcd26e0ea7c206f4c111ed

SHA256
5b8cfbb2f1e5c17f8b611989661a49f8150e76c97b2598b1f457db0266479ac4

SHA512
a5ac1d4d1f94e7efd895d9f75ea2a9badc8885d6a69d8229f97c7fbf0f959d37b642175066df95f6768ef5e89a32a5c3a54c9af8a3677880976f877fabadee09

Download Submit