eb0e950c8c24718ea9ebc95e291658fc09abb9fb93f88e4dbbf29fcdb1fedde9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28-08-2024 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c762925bdd04b6a11066f1851bdd95f9_JaffaCakes118.pdf
Size

40KB
MD5

c762925bdd04b6a11066f1851bdd95f9
SHA1

c49405d926c592aa8dacdb027e83598447c26733
SHA256

eb0e950c8c24718ea9ebc95e291658fc09abb9fb93f88e4dbbf29fcdb1fedde9
SHA512

347dd36d876de3ed026da9eaf8bbc72b9a76221a84573e4c5dd2182b9374eb1a68158a1050a11bc97f4c3ccb0c95e32e75f934627f8dead8d597e548098240dd
SSDEEP

768:sgGzpD7PeLxrqa1VEJ3FXHRbsMXZN64leltY5Z6O4UNzXvgQtTOANO7qT2nmOy:pGF/Per+HrZN64wltQRTXvgKOAWnmOy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1952	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1952	AcroRd32.exe
1952	AcroRd32.exe
1952	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c762925bdd04b6a11066f1851bdd95f9_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
265ca3034320cbfc490d4e1c9a83333c

SHA1
e3a34fa233819fbeac3e709f6807f5712273bc06

SHA256
0e56be2fe8822ee6811ab36ec49a2d1c593af69d520cbaa621edb16acd35f11a

SHA512
1120f3a6b784bd1d70360931768ef6120be46038a6dc150f4a8e8c150f17b6ad33f00b5105e3970f408c322235ca1bd13e23da749036db3ff0955f85d6d4f273

Download Submit