b6f8f3cb57cae0b6ac446f9d80fc8115f62146b1681f93245f9a97df4b3b7f5e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5a28223c41b8c33c33dea7aefbfc89f_JaffaCakes118.pdf
Size

37KB
MD5

d5a28223c41b8c33c33dea7aefbfc89f
SHA1

476ca84766da19a97e8e96cdcdcd9f4286cbee5c
SHA256

b6f8f3cb57cae0b6ac446f9d80fc8115f62146b1681f93245f9a97df4b3b7f5e
SHA512

1547d50a30fcd94b37d8fc33cd8b8a862b650f66b8128599cf6159249b8398b8f72be60c589cc16f184870ead0236c5b80efebb1a1080d654a8df4e85ba0cf9c
SSDEEP

768:tgGzpDFe1O5VsW1YiSPH6mzm1uNrrhNM0ivRzx0qeHLXUyBop1lvz6Gw0OvEvAY5:OGF57RuNr9NMPv5peHLXrklb6Gw0OvEp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2120	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d5a28223c41b8c33c33dea7aefbfc89f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e95c605602e7c32197ca546b1284b628

SHA1
8cb79bce8778b44be628cae9e4f9be7f99deb0bc

SHA256
55fb797accae17033cf120d61e2b36e2b0a35a1ef460fbb1935763e43fc16663

SHA512
725312ab4255136af6f41f24f67da735053e3dfab40d0d465d637d5a276ee3dbc52bd227bdcb2365c6c9aa882788f76ea3768a37bce5bd104015b9739276de45

Download Submit