d4f3bd68807c84a3bcc2d951736bb5fc86001e5f68f6d58cfe0e78500ee492b3

Analysis

max time kernel
91s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0e1d53e89d327bcd77159f176082e80_JaffaCakes118.pdf
Size

7KB
MD5

c0e1d53e89d327bcd77159f176082e80
SHA1

d0a2997ac4aad065215e8dc1f6173bd82cb5476f
SHA256

d4f3bd68807c84a3bcc2d951736bb5fc86001e5f68f6d58cfe0e78500ee492b3
SHA512

5ccb799a24dada4751f30e2d5e5f62c4cf1fdccb387e81feebcc125fca7423e51c210ec365e5b933ceb6fe1851b71694155f7de43ee1da619aca2a0de7ad4e6d
SSDEEP

192:IP5uFm4kNqd/obi13clkO1dOvg1ftZE1OTYi:IP5uFm4koxovlkcdEg1ftm12Yi

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1400	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1400	AcroRd32.exe
1400	AcroRd32.exe
1400	AcroRd32.exe
1400	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c0e1d53e89d327bcd77159f176082e80_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
4df8498b83490beb00393cbaaabf7843

SHA1
661968434f5aa4519034b7fc9e662bc9a859d679

SHA256
54a753cf1b24640ff83771a1e263b6ca5ac51871d4d74215d48fa3a8518c7b65

SHA512
358489e5f24d85e666be219f45a00e4097e3719af243d6e64e317c652efb6cc4edca86ed533cb7656c44b28521a14f82d00692ec036044193b9bb1cef7962b60

Download Submit
memory/1400-1-0x00000000031C0000-0x0000000003236000-memory.dmp

Filesize
472KB

Download