844fbad054d054e76a5f221a09c9655c871afa4513b52078e2728174a9c3ccd5

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2aeea54e5d02993c9e4070878b5f1a8_JaffaCakes118.pdf
Size

25KB
MD5

d2aeea54e5d02993c9e4070878b5f1a8
SHA1

004cd30a97cc875798d3b13b6703558be281cd4d
SHA256

844fbad054d054e76a5f221a09c9655c871afa4513b52078e2728174a9c3ccd5
SHA512

cba60c0097d4fd818e170cc5ae96591a27a8a68cf27545855f4d3bb0858b4bb962c6f7d179188df85cf02c3d050fe307692b5a25e7f2294e0340743d0c184324
SSDEEP

192:zONbedw+lJ5JoVrmzsdNTmXK+l1q68umEmJAhh6nbgdDn3lD3:zONbedw+lJ5JoVrmaM6+WrBJARDn3d3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
784	AcroRd32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
784	AcroRd32.exe
784	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d2aeea54e5d02993c9e4070878b5f1a8_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d32e4176dceaba37c3236a90fe4c3689

SHA1
c4797aaeae0b9490aecfd3d292086c29a88321d0

SHA256
129d7c6b559cb6f4a16e6a4010d3fc618dff5195112c69ba493bbf463739d45b

SHA512
16742a532bc73f5786ca62ca4e45bc36d4074f7aaf53f53764f3ff75812845362495ee9bf3546a470513e4b64e6f611a35599e1c6a133e5cda7f9ae09e5724ea

Download Submit