1853b32b292b678cd81cd8e2f5f9d8b0e1eb4d5fc1e7b652e64e985b0ed13654

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8289055a9227da38abde127fcc3edf41_JaffaCakes118.pdf
Size

84KB
MD5

8289055a9227da38abde127fcc3edf41
SHA1

f1b15a32cc3002c861d03c068b3be8998c7253cf
SHA256

1853b32b292b678cd81cd8e2f5f9d8b0e1eb4d5fc1e7b652e64e985b0ed13654
SHA512

bef886d8a346b4584894ec10dd99f0b0042fdbd4a9035a8d58af98dd9ef56f44152fb681c03680952017550d49844df7f684db16da24b1a281a1913a886516ae
SSDEEP

1536:+c0GctMWia4v3Sd0Hg4uu7A2fYpSQ06L4JSImDnJB7WOpOaZEWI3oEbIioK4IZ:tq4vEauulYz0RJSImD/saZQr

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2868	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2868	AcroRd32.exe
2868	AcroRd32.exe
2868	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8289055a9227da38abde127fcc3edf41_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
91f510395a0bb4add1146cf4b790c9e1

SHA1
32822e9bef0a4b1208507b3ffe0de93beb3307ee

SHA256
ca6221ecd426d5dcd7ef32782c190de2d263af001589276b758d69a856172449

SHA512
f88f8fc5612da72e2794c8e0cbe566868c0bb8fbc35d0f76f7662345c8408f242b574146659b7e5e535abe460e099a4bfe6ac334e7710edcf019a6979fc6292b

Download Submit