Analysis
max time kernel: 94s
max time network: 16s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 25-08-2024 07:46
Behavioral task
behavioral1
Sample
c045636c03ada4453954403459df1553_JaffaCakes118.pdf
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c045636c03ada4453954403459df1553_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
Target: c045636c03ada4453954403459df1553_JaffaCakes118.pdf
Size: 36KB
MD5: c045636c03ada4453954403459df1553
SHA1: ea0d882260d4c1cf9d7a469547924d07043010b3
SHA256: 7975b0cf69812b895e2393fb3708381855eecac655b6f8996dd4d12bb2147be5
SHA512: aed624914c11ebc8731d14a5b62cf8494f9f468b9e13330dbe36882718b65bb473f675334520db59323881263b7ebeffedd3b09bc696141bc47d34fb0adfcacb
SSDEEP: 768:efOBDeqSRCT1VGJ3ZLT0eQYSSMlTvaCaVj1VciN1SPBVDGHmFuVDQzhE5nXuMZmc:efOdedCYpTnMttsj1VciN1SPBVDGHmFW
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid: 2684; Process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2684; Process: AcroRd32.exe
pid: 2684; Process: AcroRd32.exe
pid: 2684; Process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c045636c03ada4453954403459df1553_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2684
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 0a108882e15ead8885931fede90c56a5
SHA1: 519c4bb99b092db3e733bf6d5845fabda6875608
SHA256: 2b69dff5a7df3afe76d7314e8467802e4c4691013a48867611261be948050a80
SHA512: cbfa418583196dcf83fc82bfd4f677f0e8e32fa9cb288d19bf96faf3b106d33887356122ba1786392eacce8c45094f675a11233f7283223f7c2cf21425d0b862