Analysis
-
max time kernel
84s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08-09-2024 07:54
General
-
Target
d3e42f509105a5ee26efb92396de7ac7_JaffaCakes118.pdf
-
Size
12KB
-
MD5
d3e42f509105a5ee26efb92396de7ac7
-
SHA1
fcd2fb60041e2288063844296996a8dee3f6ed73
-
SHA256
b507c776c8caf2bea8766c64cc290f1eaf9ffcc24d94e1d2dad928791ddd02c3
-
SHA512
d88f2261caab6a71d63d43e3647b390881ef49f9e7e73d274cf5c27ec660d8087ebcda0e939a3447660d177a4850e60b49bdd879b64b1698606366582b2e18c3
-
SSDEEP
384:bONbedw+lJ5aagg6KZvbfpRhvFAxCM87WmmmmmmmmmmmmmmmmmmmmmmImmQFd3:Uagg6KtRRhvFAxVeeF9
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d3e42f509105a5ee26efb92396de7ac7_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 7642⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB