2a8cbb7df25e8fb658f6d901cbadd7442a726404d27046f91edb31fbbc70200c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a70d1ee52e1869c0586c26f8fad3818f_JaffaCakes118.pdf
Size

73KB
MD5

a70d1ee52e1869c0586c26f8fad3818f
SHA1

f11a44cc89735059117405ea5f2a72c8f087c533
SHA256

2a8cbb7df25e8fb658f6d901cbadd7442a726404d27046f91edb31fbbc70200c
SHA512

fb0a92d728326106e3657b5241db241bd8df93480e1cadc8e7513a801f41ebb5ab81701ebb5eed0776d2230e3635bb8b2d4b923eba5cd033dd6b4972b70044e6
SSDEEP

1536:n0ygvpeql3vZwFrfOSxYIYGZfQdjwl0tZWCsLaJsgvA9bo0OLWW8pO+AME:T20u/KlfOSxYrdkl8PVvWOLR++

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3064	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3064	AcroRd32.exe
3064	AcroRd32.exe
3064	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a70d1ee52e1869c0586c26f8fad3818f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b1d2f6d1a01cb3163673e46beb342ecd

SHA1
9b6ecd8332853403f27daf37f0f1bd7fbcb3ec6a

SHA256
15496a70dfcdc93a31051b721e1d4f2f52d56442e36e437c3b721bfff00f9954

SHA512
b72b9c91b5b6ef7317b720fb7d40f7db31dd2c16dcdd85df163d3f6546f935c5438eff60eb23b237022ed67fdca917be2aeed1f050303a2eb66d3f20f77e9b21

Download Submit