578b019c3f40e5894951b1bd4cd0117deae757386739190363ba992a9c6ced3c

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d525a3d19b3dcf95faef6391c10dfb76_JaffaCakes118.pdf
Size

50KB
MD5

d525a3d19b3dcf95faef6391c10dfb76
SHA1

3d3e9b6c72e4c2c166a0d5d2a6fa12054ff9fba7
SHA256

578b019c3f40e5894951b1bd4cd0117deae757386739190363ba992a9c6ced3c
SHA512

3aede210756935deede43b0de99e1f3dbb80d2c7bbe015d0f7d480e6dcdf776c88b08c9e1de0af8f45f04d347bca5a1d0a103f4fdb20377ac8016ec24c35cf3f
SSDEEP

1536:uGFdzvWCffXlKZMopMx2VBWBTRCge58oDk:XFdbfXlKZMyM4VWZ48oQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2904	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2904	AcroRd32.exe
2904	AcroRd32.exe
2904	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d525a3d19b3dcf95faef6391c10dfb76_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ade7aa078f76f03a01fed7a6df405dce

SHA1
043dcf61d33e89e71ac806e2ec1d3304c9f9a63e

SHA256
533549f76adc8af6504fe29aef093ee194793456437085fe16d3235d9716f466

SHA512
a485c7c6bbcffc9de59097230d10d076e7399ee577369fefe8b9a2251bde94e367c7dc9bb17be8b5026ae9969a65aad8dc8a9b73f11dcfbcbd588ebda7a48dac

Download Submit