ca8e1dd2e6d9ea0ebec75f714d60d6246e04ee0fd97d6a077c0b96603990b73e

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10.3 ACREDITACION DECIMO CRITERIO NYR.pdf
Size

146KB
MD5

f7acee479f1da41227a9a700920758bf
SHA1

5c1937206ba5bc012dd2e60284075d71f00260c2
SHA256

ce1b20b394b8741cd09970d0db7c60e6e9071724b9f3ef11f35b7f1295d4c0d4
SHA512

de30c22bffa4017328108d8e3f264c30a47e1814bbbdfbb37c8dbab81a3260c6376dc770bb7604abe3170895c461c6b126d215de2df8ba3ff91411c4c6bf573c
SSDEEP

3072:mu91FWsuNkFgvT5JD1K/WGWfwODgC2bu/DTRd3FUl1gw68+:n1YB+kT5JI/WGwwaCCPn3lw68+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2620 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2620 AcroRd32.exe
2620 AcroRd32.exe
2620 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2620	AcroRd32.exe

pid	process
2620	AcroRd32.exe
2620	AcroRd32.exe
2620	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\10.3 ACREDITACION DECIMO CRITERIO NYR.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d06a6d0c4781d3968d9a81b9804baab1

SHA1
d3d8f80ab56054d474bee68301b38a36f4fd2a5a

SHA256
34e1bbab77bf65874eb28a29dc81aed8a398592b1c7b06a140737defde62933e

SHA512
4e49b67da9b5e06c4bd304c25484dde1cc23721ebe13c1688a1403833a537b216fb06d61b284ecc2415eff651cbeeb3f53b120b7d342a1f4a48a1df6e0309d62

Download Submit