Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64, arch:x86, image:win7-20250207-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/03/2025, 18:43

General

  • Target

    NC-CFPL 4735 MERCADERIA IBAGUE.pdf

  • Size

    107KB

  • MD5

    50f198003a0ba37e71ef1d61b074cb08

  • SHA1

    990e7f7f34e5ecb48b4b855e4ad289c3667da6f5

  • SHA256

    fb4fd96beef64df718dec35889420fbe995bcd096b580490af65e8795540f8cf

  • SHA512

    13f84e76995ce7d924d546d2aa924eaee4464a710cef722cb0462083570879577b16c4590aee028a6a9ee62fc3fa49ca0e63c35d19a683db30dc82d213939f60

  • SSDEEP

    3072:gF7Nxbhp46pwG7BnhX6SrFZJThLtDImoLxL:cxP/pwG7B8aRTp1WR

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NC-CFPL 4735 MERCADERIA IBAGUE.pdf"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    914fa0f15af2d63522adb4bce2499a42

    SHA1

    1ebf0d6742ff974a5ec4ec394d14b88bfcbee2e0

    SHA256

    1c9fbdb7ff6d69484d90ee4d15f8401f2b619b9736a7d5e3018563df4b7bbd23

    SHA512

    a24910879482b5905f9d7fd7ac8af2fc683260b755bef3f45713e737a08d905575708d13f84ec5c5105385d9aa333536505c80d81f71cdcf982dfa667f055aa5