7e4f77782ec0bbf4bb26f9c82450123a72686e74839bf7281287cd9b61a93c74

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 10:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e4dca3e57cd519bbd6b8d38e9ac178c_JaffaCakes118.pdf
Size

44KB
MD5

8e4dca3e57cd519bbd6b8d38e9ac178c
SHA1

357af42df2e9bf526c8f49f945d4633864decd27
SHA256

7e4f77782ec0bbf4bb26f9c82450123a72686e74839bf7281287cd9b61a93c74
SHA512

ff4193f8d5ff5db3fdc1b1c362d83fafc9b011ab91e13d7b1b419ad110d0cd53fd61b44781a608f7b2fb336e8150ddbbe344f6fd7041239e118a432ffe3d4965
SSDEEP

768:UXuMZmwgCLWarzE5HpuwsPki4iKDXeW6W3ucdNeaVXc78q7HFG6Ky0qdfBV+cWlL:UXFZmGWS88wsPki4iKDXeW6sucdNeaV9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2480	AcroRd32.exe
2480	AcroRd32.exe
2480	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8e4dca3e57cd519bbd6b8d38e9ac178c_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bb235532442088bbb6927007d8090764

SHA1
67224928b006a4d51fa0ca3899cbf3c624c29303

SHA256
e180a0c9b1e924749a8fc5b267acb4f3465791dc1953b164649f5bcc9201c85e

SHA512
1f6da1fb964ff98a932dbc684845277d6519530b11f537750f442c9df61cfe63b38be95166be149e1ade365b90153cef815410b12dfdbbb8cb80405b651f5623

Download Submit