7031bea095dea83acc344e325d918860098cbef09e6d4c1c1b24d7e7888a13b2

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b32964cbc4bee7f27959961a53abbfe2_JaffaCakes118.pdf
Size

84KB
MD5

b32964cbc4bee7f27959961a53abbfe2
SHA1

09a20fe37a89b935338914d8e7641996262e7b9e
SHA256

7031bea095dea83acc344e325d918860098cbef09e6d4c1c1b24d7e7888a13b2
SHA512

c2607cf1087db140b039b7aa34e96d5951ca61d58d6e74805a54c97964071b8d4c0da5869f1aec4f0ecc2cf2db5472d011aae27ecae463176d545bb816c5ea30
SSDEEP

1536:Ihjqf4MBGanDgVgCEKnqn9UMYjR6dbRiNsp4QzyYEW8pO+0MVthW2YeTfI8ruNY:2qfnCEUqn9UMYgdbRGEzyYf+0Ktge/P

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1864	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1864	AcroRd32.exe
1864	AcroRd32.exe
1864	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b32964cbc4bee7f27959961a53abbfe2_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ec919d5be96cd3c731e599e88fefc084

SHA1
10162c999d7e76c5511a76930cd35e2d843ac302

SHA256
7fcab3b5f0b2d64acd286a9d075a5fb835c0c0dea8f6526e4270845e2fa4ad04

SHA512
922fb18470ee08645699d6387afe680cd194a03084d24f1e3d0a2fcbaac05befe025bc7422a5a3efe8ee3a2645ef87cd28f54756f0606e17a86812b33cf7c65f

Download Submit