c59ffb5be6e66b3e0b75c36ba896ec490be25a951af147cd31fa713e05305506

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbc0f6692f7d8f845c5d9ddf725a5001_JaffaCakes118.pdf
Size

85KB
MD5

bbc0f6692f7d8f845c5d9ddf725a5001
SHA1

bda449af8339fbf92b7ecc662a7adb445bddfd31
SHA256

c59ffb5be6e66b3e0b75c36ba896ec490be25a951af147cd31fa713e05305506
SHA512

bd5d6c62a1d0225ea951f468e59a637aa935ee6eb832e8d7131f02b223552405b8499a80bfab59f2443bb726caf0d5541f0961434cacfba37814dd7c6f8ebe0f
SSDEEP

1536:2+pMHxv8lMdI2CRh1v8yhmpAZG2dLWYOOyWlW6pOu2pzntZTkJL:C56M2P8yhmpAY2d5nWu2pznta

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2396	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2396	AcroRd32.exe
2396	AcroRd32.exe
2396	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bbc0f6692f7d8f845c5d9ddf725a5001_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
7cd6909212a9413a59375a382fe15576

SHA1
84b474dee623ae78be44418a3a4a33cf45496e63

SHA256
5be787ab779a4356fc89c59f8fe5886e7838d8ffef132932810cf4b8deb40c6e

SHA512
b4d034c6128681440838d6bb286c31fa76c213b0cd3020735b50eb9d4a4395e4c28e1575bb84f1dff36b7a2c8870285c848b6c2bf9cd10ea6acf7f569e6859e8

Download Submit