Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 09-08-2024 21:17
Behavioral task: behavioral1
Sample: 8394ad26b37708d241203eb298098ddb_JaffaCakes118.pdf
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 8394ad26b37708d241203eb298098ddb_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 8394ad26b37708d241203eb298098ddb_JaffaCakes118.pdf
Size: 84KB
MD5: 8394ad26b37708d241203eb298098ddb
SHA1: 53155c8716830893e8bfd6fc20f4be8adf08f9e4
SHA256: 182b48aab914c1c4fe9f8fa3bdfcd0b3cd5414cd238d9939abbcba8d3f94cbaa
SHA512: 1258ea7ed3aff437420f04ab2993bacdc82fccc11cfcd0a99419d715baae61811edc5a73f7a7ce09be90c730c620fc4ada2e2b56913c645b81e2a578bbde5dda
SSDEEP: 1536:okPB7eVHfJY0+4Ts0oeuxqYPklCSoPJM6PEP48TEyWEE/NclWapOtQkPFxwy:HPB7elu0HWe8BgCS8JIP48TEZNcatQkZ
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened | IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
PID: 1824 | Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
PID: 1824 | Process: AcroRd32.exe (recorded three times)
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8394ad26b37708d241203eb298098ddb_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 1824
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 654ac29ad3372a10444957c0c31f98a1
SHA1: f24c598687797a7c458625c64fa388321e9790b7
SHA256: f1ace6b4dc45c09cdfd58fd10b8d211c5be006050a3d62a7ba8a4671005e9294
SHA512: 9965f254b46fb6f991a0a7415c6db356d8b5b52eba07b9b519f05cee86d174ac79e1e05619e8167fd01689f99cf40d017fc629cdac64bee507360ff4e38d48da