Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 21-04-2024 18:46
Behavioral task
behavioral1
Sample
ffee0d5495002f6b643e87046a5c4dcb_JaffaCakes118.pdf
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
ffee0d5495002f6b643e87046a5c4dcb_JaffaCakes118.pdf
Resource
win10v2004-20240412-en
General
- Target: ffee0d5495002f6b643e87046a5c4dcb_JaffaCakes118.pdf
- Size: 78KB
- MD5: ffee0d5495002f6b643e87046a5c4dcb
- SHA1: eda8a24a3a6c93de0d6c71dfca1d2344a363ab42
- SHA256: f25d4daa4941c0c2fee5566a2e45c651cd34b46dc22722ded4bae20a0e7c1a9a
- SHA512: 47ed3dfa0ef126ad11448ecdede321ed20e6bde446fccbba1849507db51bbf51f323b7986ddd8be7cbda3908658f9b8740143d5939b37f4687c4aaed2e9ed16b
- SSDEEP: 1536:t+eRyKgSdhf2jC4aECBzIdMKqQvwEhMwrz7AV0WspO2kS+BDNWYFjfQwgT5:0eJgKfWC4aECNI1ZvHhMIUR2B+BDfFjE
Malware Config
Signatures
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: AcroRd32.exe
  pid     process
  2852    AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes: AcroRd32.exe
  pid     process
  2852    AcroRd32.exe
  2852    AcroRd32.exe
  2852    AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ffee0d5495002f6b643e87046a5c4dcb_JaffaCakes118.pdf"
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID: 2852
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
  Filesize: 3KB
  MD5: 8be757361da4da99340c3b14afd1d465
  SHA1: f84113af01cf446543a0556de3bff9cfedd11e2b
  SHA256: 576b0eaeae4b29df6c17178f340bdbb8ca668bacff50bfca39ef4e7311cecf2a
  SHA512: 32e28d4c679469110706b0a57d1d52db2c18c77d5340e834236c3f55bf7e6088a1aec533713743b153fe9d1e94353ca8d6402a60a2d6dbfe22f765978162d331