07afa002cb3b662ff66f8301f0b82339cab02d6ccc4daf02e35804c082d07da1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2dbdecadb59a06c428621df70fee41e_JaffaCakes118.pdf
Size

69KB
MD5

d2dbdecadb59a06c428621df70fee41e
SHA1

169911205f604fd484c6441f18557ee4dd8f35df
SHA256

07afa002cb3b662ff66f8301f0b82339cab02d6ccc4daf02e35804c082d07da1
SHA512

4bee075d748a518059923ab11f4d845ddf785f029b87831f1561636284fc3668a6d49f756d325aab3da2fe7a7d436b6aefbdc25e18a0c8460c438585fb6d2695
SSDEEP

1536:GGFwfmYMzr4eZJJwq2o0N6X6Vm2udWuUnO9hY:fFwfmNzr4eZJJf2/NO6V4XUOk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2860	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2860	AcroRd32.exe
2860	AcroRd32.exe
2860	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d2dbdecadb59a06c428621df70fee41e_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a05d4c9cfc9b0aa9a61d871c051b9bcd

SHA1
f0f8a29cfb74dfea06cf127420e9683016fec172

SHA256
b71973200267d0522a25d0fd0445fed242441830e1ab0bd8ac5861beac7c087d

SHA512
6cf7e25e72dd33a31e1fb9894e2868bedba70541671c711a27bea82b7a6329d566b84f7b2f70e439f5489be6fe14fcedc4c801b3894feb2721753585f198d329

Download Submit