Analysis
max time kernel: 96s
max time network: 20s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 26-07-2024 15:49
Behavioral task: behavioral1
Sample: 74b29107020ab9a4aae3c17607c75db2_JaffaCakes118.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 74b29107020ab9a4aae3c17607c75db2_JaffaCakes118.pdf
Resource: win10v2004-20240709-en
General
Target: 74b29107020ab9a4aae3c17607c75db2_JaffaCakes118.pdf
Size: 84KB
MD5: 74b29107020ab9a4aae3c17607c75db2
SHA1: 794e82bee8136c7c5b0c7f171ee5b665d1103332
SHA256: 4b9e696f77cdfcbf82b7630bda6e4661ed88b7960d61f427e5f74240f85ff040
SHA512: cc646a04090222ccaad71c72cff2bbfb0e430a179a45c28d7596833716f85df0161fb96a76c782cb2865b8c52f966e853e185e952754a6d504bfda9e79c5bebe
SSDEEP: 1536:tyCqmdA/N6oJU49mftyuRlltBLBOc2hrpEWOpOwrKWwH853uKlU9sVyB:mmdAIoJ0ptBFO1hNhwr6H8172sG
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
  description   ioc                                                          process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
  pid    process
  1656   AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
  pid    process
  1656   AcroRd32.exe
  1656   AcroRd32.exe
  1656   AcroRd32.exe
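Added example, not code from the sandbox report or its vendor: a small triage helper for the "System Language Discovery" signature above (ATT&CK sub-technique T1614.001). The NLS\Language key is read by many legitimate locale-aware applications, so the read the report attributes to the PDF viewer itself (AcroRd32.exe, PID 1656) carries little weight on its own; the same read performed by a process that the viewer spawned would be the stronger signal. The helper walks the process tree to make that distinction. The event list mixes the registry read and SetWindowsHookEx call from the report with constructed events that are not in the report: a hypothetical cmd.exe child (PID 2048) and powershell.exe grandchild (PID 3000), chosen only to exercise the descendant check.

```python
"""Triage helper for the 'System Language Discovery' (T1614.001) signature.

Added example, not code from the sandbox report. The event list below mixes
the registry read the report attributes to AcroRd32.exe (PID 1656) with
constructed child-process events that are NOT in the report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Registry locations whose reads reveal the host's language or locale.
LANGUAGE_KEY_PATTERNS = [
    re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE),
    re.compile(r"\\Control\\NLS\\Locale$", re.IGNORECASE),
    re.compile(r"\\Control Panel\\International$", re.IGNORECASE),
]


@dataclass(frozen=True)
class Event:
    pid: int
    parent_pid: Optional[int]   # None when the parent is outside the captured tree
    process: str
    action: str                 # e.g. "Key opened", "API call"
    ioc: str                    # registry path or API name


@dataclass(frozen=True)
class Finding:
    pid: int
    process: str
    key: str
    origin: str     # "sample-host", "descendant" or "unrelated"
    severity: str   # "low", "high" or "info"


def is_language_key(path: str) -> bool:
    """True if the registry path is one of the language/locale keys."""
    return any(p.search(path) for p in LANGUAGE_KEY_PATTERNS)


def is_descendant(pid: int, root_pid: int, parents: Dict[int, Optional[int]]) -> bool:
    """Walk parent links upward; True if root_pid is an ancestor of pid."""
    seen = set()
    cur = parents.get(pid)
    while cur is not None and cur not in seen:
        if cur == root_pid:
            return True
        seen.add(cur)
        cur = parents.get(cur)
    return False


def language_discovery(events: List[Event], root_pid: int) -> List[Finding]:
    """Flag language-key reads and rate them by which process performed them.

    A read by the process the sandbox launched to open the sample (here the
    PDF viewer) is routine application behaviour and rated low; the same read
    by a process that the viewer spawned is rated high, because a document
    viewer has no reason to launch a child that fingerprints the locale."""
    parents = {e.pid: e.parent_pid for e in events}
    findings: List[Finding] = []
    for e in events:
        if e.action != "Key opened" or not is_language_key(e.ioc):
            continue
        if e.pid == root_pid:
            origin, severity = "sample-host", "low"
        elif is_descendant(e.pid, root_pid, parents):
            origin, severity = "descendant", "high"
        else:
            origin, severity = "unrelated", "info"
        findings.append(Finding(e.pid, e.process, e.ioc, origin, severity))
    return findings


LANG_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"

SAMPLE_EVENTS = [
    # From the report: the reader (root process, PID 1656) opens NLS\Language.
    Event(1656, None, "AcroRd32.exe", "Key opened", LANG_KEY),
    Event(1656, None, "AcroRd32.exe", "API call", "SetWindowsHookEx"),
    # Constructed for illustration, not observed in the report: a child of the
    # reader and a grandchild repeating the locale lookup, plus an unrelated key.
    Event(2048, 1656, "cmd.exe", "Key opened", LANG_KEY),
    Event(2048, 1656, "cmd.exe", "Key opened",
          r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    Event(3000, 2048, "powershell.exe", "Key opened",
          r"\REGISTRY\USER\S-1-5-21-1000\Control Panel\International"),
]


if __name__ == "__main__":
    for f in language_discovery(SAMPLE_EVENTS, root_pid=1656):
        print(f"{f.severity:<5} {f.origin:<11} pid={f.pid} {f.process} -> {f.key}")
```

Run against the report's own events alone, the helper yields a single low-severity finding for PID 1656; the high-severity findings only appear for the constructed descendants. The same parent-walk can be reused for the other two signatures (GetForegroundWindowSpam, SetWindowsHookEx), which the report likewise attributes solely to the viewer process.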
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\74b29107020ab9a4aae3c17607c75db2_JaffaCakes118.pdf"
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
  Filesize: 3KB
  MD5: 6aed6702b5a355c906aab654bfe78488
  SHA1: 737b8f319954868bfe7fece40076042abb0d9bbe
  SHA256: b60acc9c50145baf65162782a698a0a5429fb19c338d30149d3b2d23a656da69
  SHA512: 731eb4482c3d5382c06679522d97ca05f9658359f44a7eb1efdb9991d7380f251da4be883cffb6e7eb2be5d0b50b72fa124b000083b4062e7012aad458ff8f70