ca8e1dd2e6d9ea0ebec75f714d60d6246e04ee0fd97d6a077c0b96603990b73e

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.1 COMPOSICION ACCIONARIA CONTINENTAL.pdf
Size

72KB
MD5

068458a49a54bc05e6426f4885838fa1
SHA1

436a96e413b707cd253a7714ad7b3b93b853e475
SHA256

6d0f9dcecd49df5d1581f261ae33f2f096d29ba8e2bbba0edea28f054c60fb4e
SHA512

c5f94de794cb144e6e0e1d52ba1943dff0b15072aa1e317f6bb6f2c1906ceb0f7977ab17195a938733cb94557fd4df8140a38788694d979ee9e3ca21ed61fa2e
SSDEEP

1536:BRej9YgIJhL+n15IZX5qt4j0rrnE5hEUzcfR4PCwHGs:7eRMZXE4iE5O5R49R

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

2324 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

2324 AcroRd32.exe
2324 AcroRd32.exe
2324 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
2324	AcroRd32.exe

pid	process
2324	AcroRd32.exe
2324	AcroRd32.exe
2324	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2.1 COMPOSICION ACCIONARIA CONTINENTAL.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3d5a4123173819cca172a8a728eea4c7

SHA1
48584677e8c563f2e8032907422bcee877cf1c25

SHA256
fca5bdc5ca59ad47afd338e62632c4ac40ccbfb305deecb485a7306d4d271e53

SHA512
8c214c7f66500699f3396ef900c9fc57883afa58eb21e08c68827e88cfbd042606c4bf59a9c28af386b4063589fb8a937bf58dcd50e1586294001bf485033d55

Download Submit