dec993173b1a3d6b28c63b95ac8f6490940536ea03dd60bb41ac357ee0d34385

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d453f0cbf468518adb4348a73b0b8400_JaffaCakes118.pdf
Size

46KB
MD5

d453f0cbf468518adb4348a73b0b8400
SHA1

39e7ef1c708792fd4b572382266f52f04a51bdbe
SHA256

dec993173b1a3d6b28c63b95ac8f6490940536ea03dd60bb41ac357ee0d34385
SHA512

1caff20b503d0e12535d308a2a2c1987449d53252b4cd571741a3c0831cca2d3d201403e7823717fe2dd04a663e3ad563b3d8a2cb1af72eebc0aa3f2b615f606
SSDEEP

768:AgGzpDS/IJji8aHkt8299meUagsuo9GuSMMnX6G1kWpaox6U+p3YG5G76K:NGFGtPmV7cBv1kWnx6D3YG5G76K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1864	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1864	AcroRd32.exe
1864	AcroRd32.exe
1864	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d453f0cbf468518adb4348a73b0b8400_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3533bf3bd9adc210ee3e528145143adf

SHA1
080c9d19ec296355fa7fec08c951ba31176c5830

SHA256
0f0d92db4a7d7e783a3420fca5630b3173c932e068fc0651e2e243474ca01624

SHA512
d8a3bc9318c597c9c2adfc21d2999799210391d91271aef0a4205bc1e1db9098297329bc1b84f56710bb1ec68e66cf3e4a6ea93bb90daeb26b1950b9176a38a7

Download Submit