7e7263b7b42454388d2c7fe248ee2f214182d600ceac8314f640b97b9558340a

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NC-CFPL 4738 MERCADERIA IBAGUE.pdf
Size

107KB
MD5

81cd9ecde959fdec7cf50aa6b5e447b7
SHA1

bb68b274271591de3e6bb38cf8e4f63a8a158c8d
SHA256

5d77b4699b4759af11f3421735f696f4a111c5d96a1a36698c2a0459514f25a1
SHA512

97541029c954f68e5ea39ff4fc4334c7b7a18cd186ee15ba173c7919f3a50255699b279f49a0f20f54af94cdfb2b0ccac3702abb4d34c7fe4826eb01f1d8d39a
SSDEEP

1536:gxN4nh1vlxT3hpl2fUWMzLgw5y01w1TsG8AtUqVotfXogXcbNmR9KLx88:y4n7Nxbhp4fEz8w5oqLB4gqNSoLxR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2416	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2416	AcroRd32.exe
2416	AcroRd32.exe
2416	AcroRd32.exe
2416	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NC-CFPL 4738 MERCADERIA IBAGUE.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3bb47302a9876585b8101c5c51c7a501

SHA1
c6b788d8315e06e9f969c884a6df9fb01bd5b276

SHA256
b8e354457c1ebd4f964a0941e275c96419aa97d3e026b7796348209ea8f49da5

SHA512
8f964b159d39083a2e9a3266eb94b469c9596c117d5ccb4fd5d4f274f50c040f13acd5ba9cf99b1419bb09dbeef1751fecc548609b48c74f61fae6eb2998ec07

Download Submit