c95a83ed5353cba02969c9d18dac71819e92256f6cb0dde56fc9509910c226c4

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

879865a860c96c99087ebf74166b1385_JaffaCakes118.pdf
Size

53KB
MD5

879865a860c96c99087ebf74166b1385
SHA1

6a4ffeee9ce2d7d5479277e71e341f92fb090d7a
SHA256

c95a83ed5353cba02969c9d18dac71819e92256f6cb0dde56fc9509910c226c4
SHA512

9566f3d03d40ae34d13a3fc5781ca4d392b6a5dd21d0ee1d45d1d6ef86b2f4c22756319e542de6784d8bf1f26f34b80aebde6dbb837fee2985155d896cbcbdac
SSDEEP

1536:x4v3sKQW2EJuKb9DIKyS+idgRG5H2fphdWC7:6vkBElb9vyS+idgRGO3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1528	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1528	AcroRd32.exe
1528	AcroRd32.exe
1528	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\879865a860c96c99087ebf74166b1385_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
843f676bc33305c901c3a2ff80c91485

SHA1
49cd485fa857ae4328ca4e71747979aa2a73c7a0

SHA256
b8dc8fe7a7be4651fe9a2f9f46b735d8d9b51ff7ec1bb9d3d2e62cf140e67812

SHA512
b1e3240baa6b92ec243907fec20fda97c2ba7e9b7b9e4b7844e5e663596b91e8e677a27403e2a03661edbab92cd55d5008477137110a0b82c0881678c1d4ce53

Download Submit