68efe9487acda5de902882a23b9d40dcc1fad1740bb4772e34c5d3d94674d939

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9080948616340b935ebd72a4161042e_JaffaCakes118.pdf
Size

45KB
MD5

c9080948616340b935ebd72a4161042e
SHA1

1e77d4b7017bcdc421f381f8813034340d8e2990
SHA256

68efe9487acda5de902882a23b9d40dcc1fad1740bb4772e34c5d3d94674d939
SHA512

2baa286532c4edc0b8e52b56b134d6b854b8b241d9a677649a7863bb0daa6b4f82ca08d195571b3247a84d6940d5a506601e009498db21a260486c95b72b6626
SSDEEP

768:3gGzpDyBVksi8CQGyBScpa5rPTjxHxQihFeEvGRSKf2fS/Fe3nk62RKnpmltS9Qt:QGFmQ7vhcKgSS0eFmnk6gK3mD6e+WjL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1724	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1724	AcroRd32.exe
1724	AcroRd32.exe
1724	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c9080948616340b935ebd72a4161042e_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bfced06d70de4ba653e9f9a6f18b234b

SHA1
f4baf6b76ee214dd4829df9e6195c89ed10afdcd

SHA256
7551a4f3774ab7e257006bfa25cf3e15eaf26313da54e1d3921920bc56a36d5b

SHA512
7a0ad456bad98d2ee419e6cc838522741499184cb51936c4f6277d3ec8a6c698f9ad9cbe91c7e5c835bdda97dcc0a87bb1c8e01d6d9286f451f35b9e0b3daf57

Download Submit