99de5f6d14fb5d743d9a3211191f32a6be5ad98bb5101c5f36d542b8a10d46a3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daa7468c40a5fd907573f0a1fa74caf9_JaffaCakes118.pdf
Size

39KB
MD5

daa7468c40a5fd907573f0a1fa74caf9
SHA1

f28c644203fb775d863383726596f767c53c345a
SHA256

99de5f6d14fb5d743d9a3211191f32a6be5ad98bb5101c5f36d542b8a10d46a3
SHA512

4da71831f057a5002794d26e70923278bd1d7678337577bdd28690ee552481aecb285076c0c5ae6af3708d49529fa73559390b1950e907b69a6640c7523b8efd
SSDEEP

768:ziG4HIpsGtgal6LlyKud9aCUC1mh82911aVfVciiz1HPeV0G2m+uCDQfadFh2cJL:ziLIpsigb5KX1mh82911sfVXiz1HPeVe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2144	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2144	AcroRd32.exe
2144	AcroRd32.exe
2144	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\daa7468c40a5fd907573f0a1fa74caf9_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8f1648999712241d9a2a51b4101004db

SHA1
c5922559b4c076dd01d6be738633b017e8fd4f8d

SHA256
ee2e84c3ab86f27914f26fa637e973ed0d3d7840f9147be0f8225747104da52c

SHA512
adc2ed8a57d061f14b462ec5152307c83af40372510810842a3534307ffa648ed5b417026e2adf44e15ca10df7224566cbfb2800da9249aa4c894d9a2ed9297b

Download Submit