7c9c807bc6cb0c374be7ce7ef9ca9e33e9fd5fc1a8a7b0bdeacc3693719be1a0

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 19:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

756b2f8da71df21a20295c71e9c9097a_JaffaCakes118.pdf
Size

49KB
MD5

756b2f8da71df21a20295c71e9c9097a
SHA1

89ef91a624bce3a3175ac924483fde69095168db
SHA256

7c9c807bc6cb0c374be7ce7ef9ca9e33e9fd5fc1a8a7b0bdeacc3693719be1a0
SHA512

8711faa995452a7b2236cb0db17b44ee5cb13d266a2afc68ea52a8926ffd05d473a9abf68abee29954ebb7616e67f20d5e3c1f5698f45ee920cef31302bfab15
SSDEEP

768:khJIJXpGY7eynJw08lydOf00tvyWwZGOLwPhKIxRJZRuk4skkhB8lxm:k3rY7VvysmOWwZGONIpZRuBs5hBem

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2520	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2520	AcroRd32.exe
2520	AcroRd32.exe
2520	AcroRd32.exe
2520	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\756b2f8da71df21a20295c71e9c9097a_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cbbd412822d3f0f432c820bf352ff3f9

SHA1
ac03098939e923d2ad9f695f2e5f392f2c660904

SHA256
dc504162da8554a4bbf125245ac371915f2915cfb22d2161007db8be1ec4ec95

SHA512
c00624c330c56ce69b5101e7912e8285e767a01abd983053276a359a1d6364fa4e1653c162d29ff31b5f85006a774d508d2c4251d78bee11faa55662f6d15ff4

Download Submit