Analysis
max time kernel: 96s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 23/08/2024, 07:24
Behavioral task behavioral1
Sample: bad34559d846835172f9921ff127561c_JaffaCakes118.pdf
Resource: win7-20240704-en
Behavioral task behavioral2
Sample: bad34559d846835172f9921ff127561c_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: bad34559d846835172f9921ff127561c_JaffaCakes118.pdf
Size: 42KB
MD5: bad34559d846835172f9921ff127561c
SHA1: 0b1fcc051877e68e38df6c565dd619005bd134d8
SHA256: 2d3f05ee6cbd27902093e015d6566d10b530fe51f68962fe49a0b1c45367b275
SHA512: 78bb68cd2695740ad540e702b2669fccbab06acb34a77792593b19ccbe3d383aa790c1cb9355f02bad301ca0855b0d675fd38a8caf724bc08f94e6ea0739333d
SSDEEP: 768:EgGzpDy4/D2Pxz9RK6vxDrqLjKEEOrfFWpMZA44TbeMCVWLQ8U7:xGF240PK6vJUfFY6A44OMg8Q8U7
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Process: AcroRd32.exe; IoC: key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  PID 2064, AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  PID 2064, AcroRd32.exe (three calls)
All three signatures are attributed to AcroRd32.exe (PID 2064), the only process in the tree below. With no child process, no dropped executable and no network event recorded in this report, they are weak evidence on their own: a locale lookup in the NLS registry key, foreground-window polling and input hooks are also produced by a document viewer's own startup, so they do not by themselves show that the document exploited the reader.
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe (PID 2064)
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bad34559d846835172f9921ff127561c_JaffaCakes118.pdf"
  Signatures: System Location Discovery: System Language Discovery; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of SetWindowsHookEx
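The report identifies the sample only by its hashes and by three signatures that fired inside AcroRd32.exe itself. A static pass over the PDF's bytes is the usual complement to a sandbox run: confirm that the file in hand has the hashes listed in the General section, then look for the dictionary keys that carry active content, resolving the #xx name escapes that let /JavaScript hide from a plain keyword grep. The script below is an added example written for this page, not code from the sandbox vendor or from Adobe. SAMPLE_PDF is a constructed minimal PDF used only to demonstrate the scan; it is not the submitted file, and the key list is an analyst's starting point, not an exhaustive indicator set.

```python
"""Static triage of a PDF alongside a sandbox report.

Added example, not the sandbox's own code. hashes() returns the same digest set a
report's General section lists; scan_pdf() counts PDF dictionary names that commonly
carry active content. SAMPLE_PDF is a CONSTRUCTED file for demonstration.
"""
import hashlib
import re
from collections import Counter

# Dictionary names worth a second look in a PDF that arrived by mail or web (analyst's
# starting list, assumed here, not taken from the report).
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile",
    "/URI", "/SubmitForm", "/RichMedia", "/XFA", "/ObjStm",
)

# PDF names may encode any byte as #xx (ISO 32000-1, 7.3.5), so /JavaScript can be
# written /#4Aava#53cript. A grep for the literal keyword misses that spelling.
_NAME_RE = re.compile(rb"/([A-Za-z0-9#._\-]+)")
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
_OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b")


def decode_pdf_name(raw: bytes) -> str:
    """Resolve #xx escapes in a name token (without its slash); return the canonical /Name."""
    return "/" + _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names (after escape decoding) and flag an auto-run script condition."""
    tokens = [m.group(1) for m in _NAME_RE.finditer(data)]
    names = Counter(decode_pdf_name(t) for t in tokens)
    hits = {n: names[n] for n in SUSPICIOUS_NAMES if names[n]}
    # Something runs when the document opens AND there is script/launch/URI content to run.
    autorun = ("/OpenAction" in hits or "/AA" in hits) and any(
        k in hits for k in ("/JavaScript", "/JS", "/Launch", "/URI", "/SubmitForm"))
    return {
        "valid_header": data.startswith(b"%PDF-"),
        "objects": len(_OBJ_RE.findall(data)),
        "hex_escaped_names": sum(1 for t in tokens if b"#" in t),
        "hits": hits,
        "autorun_script": autorun,
    }


def hashes(data: bytes) -> dict:
    """Identity digests in the set a sandbox report lists (MD5, SHA1, SHA256, SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


# Constructed sample: a one-page PDF whose OpenAction points at a JavaScript action
# whose /S name is hex-escaped. Not the file from the report.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"4 0 obj << /Type /Action /S /#4Aava#53cript /JS (app.alert('triage')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def triage(data: bytes) -> dict:
    """Combine identity and static scan, the two things you compare against a report."""
    return {"hashes": hashes(data), "scan": scan_pdf(data)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_PDF), indent=2))
```

Run it against the real file with `triage(open(path, "rb").read())` and compare the digests with the General section before trusting any conclusion drawn from the report; the scan itself only raises questions (which object the OpenAction references, what the script does) that a decompressed object dump or a debugger session in the sandbox has to answer.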
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: e274173fad94935d30ad49ea2a2a24cf
  SHA1: 6c303e752596316c592919ede6f6a51831dafe1b
  SHA256: ed4ede2fa2c41066d2dbd565490df28657ba0ffb5294a20fdeb135c12ed2f508
  SHA512: 0471d14b502e0cb83092b2f0e0d219e5bf82d0a14a5cd6e6b19f3d7ab9a40a4772d4f67ee6370a51dfc7fb955427691566fc36cbfa31c90663007d1057d49a1f