bf43928ed7c8e7c8f89764cf7f3258dfc7f25079ebc1e25da72956876e3b6acf

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6ad02e07b853757098ba56d22f22e84_JaffaCakes118.pdf
Size

37KB
MD5

d6ad02e07b853757098ba56d22f22e84
SHA1

e91be24f3ab912542595ebf62b1b811db46fc5f9
SHA256

bf43928ed7c8e7c8f89764cf7f3258dfc7f25079ebc1e25da72956876e3b6acf
SHA512

273e1919548c98d0a47c9f5048d07cc54ef2c61635ba525782897f49dd0e5a2a8d3520ec0aa664bbaa9b4b195b11c5785e73bd3f37cdfca678266399b5e8204e
SSDEEP

768:0xd30rCKqpBRViGUmpu2DQladFS2AJPb2VtaJlxrDMbUxE5tXuMZmwgCLWarWA:0GyBRViGUmpu2DQladFS2AJPb2DIx+Uq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2520	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2520	AcroRd32.exe
2520	AcroRd32.exe
2520	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d6ad02e07b853757098ba56d22f22e84_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
efa4463de5066f1d7a9a322e3e022fd3

SHA1
957956d3d7b51a4df1e98ec5402375843c9ba0f9

SHA256
43f82556b6d01e45558d646844e2724c66ad2963cb7deb0296fb900da2acd1b3

SHA512
b4727545ac655747f1256c506f808dc1430805c46849000cf88e59b800a2c61f600a6ac87e17c2eb51ba0b644623c000b5e6bda26fd0a519cad13e4de1ee20c1

Download Submit