Malware Analysis Report

2024-10-19 11:08

Sample ID 240624-qnpj5atgph
Target 08c4fac489ed284dbd68e0236e61621a_JaffaCakes118
SHA256 28cb92cb891da03589c0323ae2e04c67a2c51ab6524cbebc97ddd1dd9be2d788
Tags
pdf javascript
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

28cb92cb891da03589c0323ae2e04c67a2c51ab6524cbebc97ddd1dd9be2d788

Threat Level: Shows suspicious behavior

The file 08c4fac489ed284dbd68e0236e61621a_JaffaCakes118 was found to show suspicious behavior.

Malicious Activity Summary

pdf javascript

PDF contains JavaScript

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-24 13:24

Signatures

PDF contains JavaScript

pdf javascript

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-24 13:24

Reported

2024-06-24 13:27

Platform

win7-20240611-en

Max time kernel

118s

Max time network

123s

Command Line

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\08c4fac489ed284dbd68e0236e61621a_JaffaCakes118.pdf"

Signatures

Suspicious behavior: GetForegroundWindowSpam

Description: N/A
Indicator: N/A
Process: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Target: N/A

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\08c4fac489ed284dbd68e0236e61621a_JaffaCakes118.pdf"

Network

N/A

Files

memory/2140-0-0x0000000002900000-0x0000000002976000-memory.dmp

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 1248c163afdafdb1fcd1b202af67e7ce
SHA1 ee5842dfd6e9b063202ff434c5d01308bb88bd7d
SHA256 c19652b1ec2c07034d9e2041f2a28d0bc9b760454e51dfff826a34aad09bfc26
SHA512 23ef750d0d2837a529f210c889f83e1d61d40d6921b26e466d829171f61d9adab563d2bd59ec0abb500494c1f776eaa57f5c4fa3d789ab6449550e43aec5940b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-24 13:24

Reported

2024-06-24 13:25

Platform

win10v2004-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A