21bbd44edde2f4a956e31986b3174f8d1cd565f5c675076872c2be3ec741431d

Analysis

max time kernel
94s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 22:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a036ddeb587e57894d43fd19e24b4ad5_JaffaCakes118.pdf
Size

99KB
MD5

a036ddeb587e57894d43fd19e24b4ad5
SHA1

194145b650715b4b21cbe3d7f09953c1f6c05485
SHA256

21bbd44edde2f4a956e31986b3174f8d1cd565f5c675076872c2be3ec741431d
SHA512

ef708f613c8f709fe83d756aff84fd34e9309dc561a524cb72bfd1471992e3d97bddec9e48295642d390d94a402b749d22c3df5dcd7d31360d115c75bd3b72b7
SSDEEP

3072:xpbkY5VthW3yfbJyt9rzg6hthSoh/b3GpcCN:xuSVthW3y1uNs6hzSoy3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2548	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2548	AcroRd32.exe
2548	AcroRd32.exe
2548	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a036ddeb587e57894d43fd19e24b4ad5_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9479c44cf7af54500e3a8728729eb3e2

SHA1
f589069c34e4972e544737ff8056f3646908e16c

SHA256
2bcd16dbff77155257e57bf88b715f0f65db202dd79e7bb2f024b3d20c89c2e5

SHA512
faaf14f2abef48bc02bad2524423ab55eb3b5b1c63d2a3c99aa610a55b6efb56dddaad2da0d228c580aa967d2e51b8da718fff84daaf1d98c38c4a7d88f58e18

Download Submit