68278060bc843ce6af45dfe8cdf99037300456d05d1f30f12ba5778ea1da8ce5

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7563f3931f129a9a3dcd7e959ed2d9c2_JaffaCakes118.pdf
Size

76KB
MD5

7563f3931f129a9a3dcd7e959ed2d9c2
SHA1

49ade6edd0478bff4978b3a79e430c2b183e1a00
SHA256

68278060bc843ce6af45dfe8cdf99037300456d05d1f30f12ba5778ea1da8ce5
SHA512

fe9f34a3242dedf0bce7c3eb4b5399dcb7c98abbe0b60be60f9d0ed8d86d90f8fc5534c8ce37538f23c089f59add008be4210d5850ec8f5ca7291b9e5ffaf379
SSDEEP

1536:ZkeliQZFC7gclcO0E9kCNsmk/M5/xQhDFAKJ6kWMriH/7MWKVlm9z8:eeoQZFC7gMbkCNsX/M5/kF/6kqHTOvmm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

304 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

304 AcroRd32.exe
304 AcroRd32.exe
304 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
304	AcroRd32.exe

pid	process
304	AcroRd32.exe
304	AcroRd32.exe
304	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7563f3931f129a9a3dcd7e959ed2d9c2_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0341deb00c77ff3563c82e23d56fcb18

SHA1
498c12b9e1326afdf61acf6fe67f7747c63d8906

SHA256
db737dcb8e71fb5734b51f0388ba722b753527db10dc2acab9d6697109a204c7

SHA512
1f1daf64436d84e144fa482b8f90c924ad4271e24ac6cee798ffc6e32f71ce7dff66cebbec32144ccd27dc00fbd42bd43eba370dfd0d4aaba9835eda2bbe19b3

Download Submit