b06531f3092fa11c097074d1a444c7c4040631bcd38276f6789dd2c9cb98383f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
10-09-2024 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d752d9fe58f0b7d2d37a75aba1ff1464_JaffaCakes118.pdf
Size

49KB
MD5

d752d9fe58f0b7d2d37a75aba1ff1464
SHA1

446baf7f949cc08256ed3e45316bda0be96b3c34
SHA256

b06531f3092fa11c097074d1a444c7c4040631bcd38276f6789dd2c9cb98383f
SHA512

1ccfa9ae9256cf2062790450905f856d16cd80e2e01ae8557cf50b7bef4a19d531168149813f6fb411c81837444aec7df5f3c36f5bc6df0b20e1805bd5cf3c18
SSDEEP

768:NgGzpDZitC+lfVkfYJU6V/AqPEsoT/3FEcrepSznpEYtSMfwsnWTNAW9/VLIypVf:uGFVAPVxPPoT/3FpzRwgWT3hpVpgJJfG

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2480	AcroRd32.exe
2480	AcroRd32.exe
2480	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d752d9fe58f0b7d2d37a75aba1ff1464_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
d851eedfadd28e99f8f02eff02301d3b

SHA1
bce6d2cab9bfbbba41b86a7988d2041ba3609744

SHA256
1bb85c235a629c29f8015a3c109738d242d5ffe45708ecd62d4577164be6bd6c

SHA512
a7e7c7a2b7a2aebd7cac3c6a0d05d8abd3be9d5f1d1fbf360b0a05420545669c65159ed514df9097662065d52bc08500cb74e9e914769e57ffdeda1a473b0115

Download Submit