Analysis
max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 12/08/2024, 11:38
Behavioral task: behavioral1
Sample: 8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf
Resource: win7-20240705-en

Behavioral task: behavioral2
Sample: 8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: 8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf
Size: 19KB
MD5: 8e98459fea0b25797c483eca0102acea
SHA1: 567fdf8fe021295fb953cc5d777cdf8aaf389baf
SHA256: c9ca8f1df33e493e51c90536cb02bd91a5a363b4ce41d815d96f4b5016d19237
SHA512: 06a03b6d423c1a279f6a36227cc69d81d550dffeae2d25d8eaaa8184aeea310ffeb4bc7f4eabb55534473ada22f2b174421f5d9c149ea37616d32b01ea759b05
SSDEEP: 384:VzVEiUDSiz1Kc1e1nOffMIfaHmPYSoJ0oCgW8a272qdo8qPP4MH5XCvq3EbGqcrO:Vzepz1KMsOsDGQtJrCgHa2RdlqojS8l/
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2356 | Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs, all from the same process)
pid: 2356 | Process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8e98459fea0b25797c483eca0102acea_JaffaCakes118.pdf"
PID: 2356
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 04d6dd0bd97eb16d850a29080e4a62ce
SHA1: b8465ebd01eaefec04be50c629f6d7bee37b1c08
SHA256: 3df6a29d206609131ca197f73834a7e4a2e99fdfa404b0af247bf57a73aa176f
SHA512: f7e5cccc103aae92879e30f3555bcf2bb98974730ef6b73ec5d52359a6c8c77d412fd2538e3131762bc25794520bfcdc0b8e31aac1ed64aea662c727e67f8adb