4726db7fa32f6c204968dd2e4d289d4235254be54fd2150cf7569f91d0b57c01

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10 Ingresos y Retenciones/NKL - Certificado Petroleum.pdf
Size

31KB
MD5

fb8184418c70af2bf5edb7265d58e06a
SHA1

95f342b9a98a383c9b01726bd6d655a69698fc9f
SHA256

b3a193e18608ce182b1441987e8019a365d24be22ab2921794a0738a4735d32d
SHA512

db1408e3f93b00d48b581bbf294cafb59f98d4b28fa9bdf48f8347d8ae384a822efb4597c4f552b6eadb8f52d7f6a7099c073eb69c1b9544b0bd7cad64b5f10c
SSDEEP

768:m8bOESxqav8z7k+Cl5pZiS9nzU8bCAPYyHcY9v:cEhzIXZrFYypv

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2816	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2816	AcroRd32.exe
2816	AcroRd32.exe
2816	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\10 Ingresos y Retenciones\NKL - Certificado Petroleum.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0b44cef8e0acac26710393f1036cf884

SHA1
d4eccf7dc422ca586f1970d471b2cf1f84aadfe3

SHA256
75eb3277235d42edbfbfd0db8403d572a7d6b3d9c87cce8b45352a7322db0f95

SHA512
60d4002e9b952b35c167a6e803721bc142ec95f4e6c1867a8c6306d247d5028e86ad35ed599918fa3620b66daeee6333d010a57d8d5ddae98d08268177edd414

Download Submit