9dfe610e07339d9fdb2e950c5c865daff3399b6a69ce25e890569f9272ecde7e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 07:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

899aa6d558c61a34dc6e606be60de544_JaffaCakes118.pdf
Size

15KB
MD5

899aa6d558c61a34dc6e606be60de544
SHA1

4a31ca10950c3357635148e5bb3a364436df4002
SHA256

9dfe610e07339d9fdb2e950c5c865daff3399b6a69ce25e890569f9272ecde7e
SHA512

cf805028565e0f00a77462efa175cffc27c6ba57943dfb7498727c2f094dbe4b760b81dd02a2d0223d1a12a0a40bc6c4bd1b0e6c639c9e0e7cc64fd496821fd0
SSDEEP

384:zP5uqk02s7wkNU1YKlZ1XtSbxKge+oL3j03fLq1Lc52Dy2HtY6:Erk61hZ1sbxr/O371IcDyy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\899aa6d558c61a34dc6e606be60de544_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c4a84fe581b9844a100512ad0d483512

SHA1
a7cb386eff9b8206e3b25dd71759d181c9e73fe6

SHA256
ae7241feb6d231c64de687a4fb8723ba6ff266c38c5863ed3498750e970d4392

SHA512
00fababcc4a2e15ff96ae1f568c8f62b353accc9fd194116da3c101d3e90b9fd6222cceefa0fdd709b12365556779a682c91e8259c90d6d592b1e3747dbaa788

Download Submit
memory/2372-0-0x0000000002910000-0x0000000002986000-memory.dmp

Filesize
472KB

Download