ca8e1dd2e6d9ea0ebec75f714d60d6246e04ee0fd97d6a077c0b96603990b73e

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2 CERTIFICACION 2 CRITERIO DE DESEMPATE UT CLEAN COLOMBIA.pdf
Size

163KB
MD5

9cb39df4872a184313fcea607a96d4b6
SHA1

e9013506f205858035e7b16f9ac4d4bd5c99812f
SHA256

b808ff311fef56020f480fc1c5760c7e4e427c5884ad6fdf68eaab6b553c2278
SHA512

bbf533918ed9fe9f2d6bdbb71f6262c43b628ac8c7c977386ce0885ccc94375fc330346cec0acd9741e97163f97117e0f51a3f0b70f98b801b2cf37cc91efafd
SSDEEP

3072:GI+LRyWAzCtTsNBAB46i96pYrH1Mog9tksfukXy6CpffHuzfvoozTfn1T:/+oWA2tTuBI46Q6EH1pgJ/OnHuzfvoAB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2368 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2368 AcroRd32.exe
2368 AcroRd32.exe
2368 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2368	AcroRd32.exe

pid	process
2368	AcroRd32.exe
2368	AcroRd32.exe
2368	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2 CERTIFICACION 2 CRITERIO DE DESEMPATE UT CLEAN COLOMBIA.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c90363d65d8067f5d5c08420a8c6a353

SHA1
55b55bda7cb645b0d3d7506f892efe5b26fd2d7d

SHA256
7c340c35726fdbb1666833c769e15dd998c14d1409cf1f63c3954eb1f8367c18

SHA512
e92a1c876b48b5c056ebb01fe7e0cadec4d5b7387dc91356720b4b3a88ee11f830a8ff07c165d73aa6cae17e9707b0099f5c340291d5f5cc72a4e5345d838d39

Download Submit