ca8e1dd2e6d9ea0ebec75f714d60d6246e04ee0fd97d6a077c0b96603990b73e

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11. ACREDITACION UNDECIMO CRITERIO.pdf
Size

70KB
MD5

183616b472957198f2fd09cafbd9f187
SHA1

39fa98b9ef3806e412ae0a273022cf314c0dda59
SHA256

212494385d675cc6ad6191dca24b8941a1ac8ffc9d09975e6fba7840a8d75566
SHA512

c53338fb6194b55334e0d724efd9f326cec635abe1e95852a9d9a0bd00bf10e91bfb994b7e7cac3ce1c23ad508a931e352222003cc6b8dc1722560be726daeae
SSDEEP

1536:0naacqsZRyijACCtBls6CWYX3ASlM5yfyiMSxcpYrHn1ALog9titj:gfARyWACCtTsNBAB46i96pYrH1Mog9tU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2700 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2700 AcroRd32.exe
2700 AcroRd32.exe
2700 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2700	AcroRd32.exe

pid	process
2700	AcroRd32.exe
2700	AcroRd32.exe
2700	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\11. ACREDITACION UNDECIMO CRITERIO.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cdfa37ac989e9296cca4dd30bd5744ab

SHA1
530124a92d403c5dc973ebc019a96bf33fcdba98

SHA256
f321b526524d2e3ad0859a754055129dd8c5c153e0b9beb9a572d05105a4a0c8

SHA512
b8d8598030ed3617b769975901e6233f54270a2dad611fc804eda029b52205fa36e79ba7bfb3dc5644a91371ae91509509a6c462ff418f974c47848f13c53bf1

Download Submit