3481b5e16e00b9bec4deb129673ac127ec12770d5495914f50efb3ccd4fada70

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 15:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d2359a7fa4ed94f3bb59d87cdc9ee435_JaffaCakes118.pdf
Size

45KB
MD5

d2359a7fa4ed94f3bb59d87cdc9ee435
SHA1

e0704e9da1fbf921745d9ff83ebdc74a502e58c6
SHA256

3481b5e16e00b9bec4deb129673ac127ec12770d5495914f50efb3ccd4fada70
SHA512

fe67ee43b216823102f5c38cb4e4573deaa1c2c7b67a27a6fa2cd5ebf3a0273cac3728615a9fc35d790d60731c010584e038700f8c840eb50076ad7bd19ff28e
SSDEEP

768:vgGzpDzMvOnKHbzxhXXMRhLQM7chA2korJmO8iHBc+fez9WJo5A3J4KDmY2TdYnd:YGFvMVPrJmO8iHBPE9Moe3JPmDma/K8G

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2108	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2108	AcroRd32.exe
2108	AcroRd32.exe
2108	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d2359a7fa4ed94f3bb59d87cdc9ee435_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d522c4ef44b6e639f24f8af667dd5229

SHA1
a1626d775922abd91b476e1e4d297bfc8c00ccf3

SHA256
24130c6dc097a72dc7fc329ddf5ce4528e10f3218a1cbfcfe120a7a76bca98c0

SHA512
7dfb2775454a349a7f91d088d46041c2d65addfe3788af5261b562a59185c418b54d10a8bd0c3f3fea7815823cd8b8b43e0ae25ef16524487cc15c85421ae3d9

Download Submit