Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
11/09/2024, 23:42
General
-
Target
db6e777b4a47b9abad8766f68f346bfc_JaffaCakes118.pdf
-
Size
132KB
-
MD5
db6e777b4a47b9abad8766f68f346bfc
-
SHA1
3b03a26ebcccd2bf23ca6e0d493559aaae84ea79
-
SHA256
8fb3cbe56625aa555d2c1761847f36fec0007454d179531fb37f5bad2489d804
-
SHA512
9e7c6a06e7d5f89309dc0f47f5a7f5b6dc28896cc06dbed0e7daa6468d7bba00870a1b84c3c3884d204611436e26372ef3896aff9678be50dff87c296a30b587
-
SSDEEP
384:bONbedw+lJ5v1R7sAki+QgReL8pGlJ+fxf+JRiPPgBs9RYqZJRMJQ4MW/SMXQAYN:nhRMMeamnoG
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\db6e777b4a47b9abad8766f68f346bfc_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 7522⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB