8274700f8eeae004be3d9ed87414c28c3ab5985c26c33c5d9ead77f9c78db8b7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db2d13d0d7b054a1be8527c3cd8ac201_JaffaCakes118.pdf
Size

80KB
MD5

db2d13d0d7b054a1be8527c3cd8ac201
SHA1

83e5747291425546165822533df04bef379acc34
SHA256

8274700f8eeae004be3d9ed87414c28c3ab5985c26c33c5d9ead77f9c78db8b7
SHA512

0704b9a90e7fea3883daaae511392d9e6461d8bcda1aa20e78aab6b5c64c98b7928d82a3cb8d154b07953093a747e79d2d9d963cf33a9edb110b5bd74cdead74
SSDEEP

1536:53wpI98Ce4x4xysDMjrilZFcBWvQyLNd14nFx5yfWAVkALSEWcpOmh5E77:lwimnDMjUFc1INd14nVyvJLSvmhGn

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1884	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1884	AcroRd32.exe
1884	AcroRd32.exe
1884	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\db2d13d0d7b054a1be8527c3cd8ac201_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
dd0b4205549813e30eb6334628cf9053

SHA1
fec3688745ab0532b41a0e7c9c2c93520df9e7b5

SHA256
451c52cfa7b4f8367b3b7f3b85d5fad103110f812b1bc9c0749f897c25478fcd

SHA512
09c8c6f1711a20b99fc60b2bf126d46e4286ab138e0a97370fe9325ba9b5a63aa8f761b066dfefd602ab74e5db5111e8bdda0d0ab6a774abce8f0afe7c248332

Download Submit