ed4fa048f25977c5a25f352ac5ef9794b80a93d06f0680d0fa37dca8b1447bb5

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a537b10216dfb8a173f2dc0095e2cfd8_JaffaCakes118.pdf
Size

8KB
MD5

a537b10216dfb8a173f2dc0095e2cfd8
SHA1

a108b1d88dc3e3139302843458087e76949b3d2c
SHA256

ed4fa048f25977c5a25f352ac5ef9794b80a93d06f0680d0fa37dca8b1447bb5
SHA512

4b0bd82a629d25a36ef6051d263bff798bdb89efeaaa1832b6df1b9adb5c1af7bf136523abbdc4a4d13bc293a6106dd1e6aacae9a0c6bef13e052ecee306b98f
SSDEEP

192:dUz4ULMxL1KtZys9+oOMLaTSx2ekS24TE+gRpff2UW9W0TI/eNbYlz78Qswv:dUz4ULMxL1KtZyw+oOM3xPE+gzffTWho

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2624	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2624	AcroRd32.exe
2624	AcroRd32.exe
2624	AcroRd32.exe
2624	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a537b10216dfb8a173f2dc0095e2cfd8_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a498400e3ab8eb8d9ed427904f371e47

SHA1
29010cbef316a80dfbfbc13a25f4e65dc7627da8

SHA256
01db38a086b2b766c7a428b0ebafb40236ff20ae68d3f3d091cac459827eccc8

SHA512
0932aa3dbec9d9ac990dbf54f79cb8e20cf0f2862abd050a880e60b999d17cd44d0b150cc2f7df582060206215d6dfc3b167e497a55c14dc6f5eebbed432eeb7

Download Submit
memory/2624-0-0x00000000030D0000-0x0000000003146000-memory.dmp

Filesize
472KB

Download