c9ca8f1df33e493e51c90536cb02bd91a5a363b4ce41d815d96f4b5016d19237

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 11:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf
Size

19KB
MD5

8e98459fea0b25797c483eca0102acea
SHA1

567fdf8fe021295fb953cc5d777cdf8aaf389baf
SHA256

c9ca8f1df33e493e51c90536cb02bd91a5a363b4ce41d815d96f4b5016d19237
SHA512

06a03b6d423c1a279f6a36227cc69d81d550dffeae2d25d8eaaa8184aeea310ffeb4bc7f4eabb55534473ada22f2b174421f5d9c149ea37616d32b01ea759b05
SSDEEP

384:VzVEiUDSiz1Kc1e1nOffMIfaHmPYSoJ0oCgW8a272qdo8qPP4MH5XCvq3EbGqcrO:Vzepz1KMsOsDGQtJrCgHa2RdlqojS8l/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2356	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
04d6dd0bd97eb16d850a29080e4a62ce

SHA1
b8465ebd01eaefec04be50c629f6d7bee37b1c08

SHA256
3df6a29d206609131ca197f73834a7e4a2e99fdfa404b0af247bf57a73aa176f

SHA512
f7e5cccc103aae92879e30f3555bcf2bb98974730ef6b73ec5d52359a6c8c77d412fd2538e3131762bc25794520bfcdc0b8e31aac1ed64aea662c727e67f8adb

Download Submit