4bf7a47f5b5c7d8002eb06f1b13b5511cc0d9e11150b336d2d216b2856670734

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 16:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6844ada193f955719ba00eab05287d8b_JaffaCakes118.pdf
Size

95KB
MD5

6844ada193f955719ba00eab05287d8b
SHA1

f53946a372ccbee4ffafce121689fa0bf68a4bf0
SHA256

4bf7a47f5b5c7d8002eb06f1b13b5511cc0d9e11150b336d2d216b2856670734
SHA512

5006a2b39e3d12a7444d74e13e699396bb37347aaf1df03df1d2f8bc9e71d417716b1b386795c3b8e21fd593d212829b8896588b2291ecb1b59240646fbad581
SSDEEP

1536:eAWl34FH4MZlWoX2zyVVXLhjIGI7u2JS4QL10N+2GW6pOu26WSG16TMcTbC:Xs41V6yVVtjsu2JS4QxG+Iu2R16YcS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2180	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2180	AcroRd32.exe
2180	AcroRd32.exe
2180	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6844ada193f955719ba00eab05287d8b_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
414e1a73008fc8bbb85b0afd9294b5e6

SHA1
d9ab9c69a2e15e1cdfdb16c38c58f286011489ce

SHA256
32f4edbe9a6676b474c70c4af534729f980069fae5e0be28e7ce77de576f54d9

SHA512
5ee9d6fbd729db321de88f2d34a2ecb93f8584b9dd813e95211e493dca557c4d47139d2200bac5bcdfbbe630d51c19bc1b0a29a2194b5fad2da7ba3ae714366d

Download Submit