14a661106385bcf99298fe1b3c3027263dfd638b774e2bfb7710055dbb2a8683

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdfc7ff5547c05e7e0ed165d0c2305ce_JaffaCakes118.pdf
Size

72KB
MD5

cdfc7ff5547c05e7e0ed165d0c2305ce
SHA1

b92fb15b8ed070852d5375b5b497f808f1513268
SHA256

14a661106385bcf99298fe1b3c3027263dfd638b774e2bfb7710055dbb2a8683
SHA512

a9ba93e1a93884099b42a1a895e475d6321b6d200b96552e2c5abbe6b3aa8c7eb584c3b83daf8d141d2ad0b82d3758be37c848b983f3683f06407c3ba3aeb3e6
SSDEEP

1536:MPFppmfLJrF+IZzGZJa6nb/g2Xdta5371SXNV0dvPGMiPqxk91Rw:ermfVZ+IG5/fX837EX4dwSG9s

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2100	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2100	AcroRd32.exe
2100	AcroRd32.exe
2100	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cdfc7ff5547c05e7e0ed165d0c2305ce_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a987f5eeede4bb665b1fa78f0b6fb1ff

SHA1
949196a3a59afad2ba3d65cb3c5de6466db880eb

SHA256
2b081edf3ff950dcc76cf5e0a667facf496429a4a47b0f9184ea41f01554b64b

SHA512
be0fd17981524e227e028234407c35221c6671b10d2553679f5be64f76dc2db0c3a87009231b08073f9e6881e9b87bd5c16f7dd9e6105afaaab30833df66f40f

Download Submit