ee785bd65c2e061b954414a3aed7cdf9b9e7edcf2d24cde3081fd39f52ef1a4e

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfcb08986ca530148a2378b54e27ee0c_JaffaCakes118.pdf
Size

56KB
MD5

bfcb08986ca530148a2378b54e27ee0c
SHA1

27ff46fcda18e26e9d29be8a062a37e9fa99cd0d
SHA256

ee785bd65c2e061b954414a3aed7cdf9b9e7edcf2d24cde3081fd39f52ef1a4e
SHA512

b2e40e9bcde8edd71454918fb0493fa38f219999221fd15167275ec31f0ee1ce06b1f9d4c825b8d1790e65550a6d1fa0c26013cc730812d4067d4646b266074c
SSDEEP

1536:8GFYpX6xyCDNgg21fdxJbDQnTh4pB4/HnOW2POARO/hA7xl:ZFYpXSyCDUhdxhcTh4pBaHnO9GAE5u

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2308	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2308	AcroRd32.exe
2308	AcroRd32.exe
2308	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bfcb08986ca530148a2378b54e27ee0c_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
65841362d1df8c3ea6a2a6ae96f8d1bb

SHA1
b09273c5b96b32ec4b6e46a28a442b285f28db60

SHA256
6e462acfda00118308e4f1ea4b5e1d8c1dcabf93321b0733cba242944149d480

SHA512
8970f4cfe73eb036517775a71f2d8c1cc1684d008c0ceb996e4939e3bbeb6844f48c99e1da532837eaf0c7f49809795a53799be9cb47c6733dbdb865997d6411

Download Submit