2e719ee627d9b98e08cf93bb58dfa1e64c7bd5432ce77a198a5db9c2d0d43205

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddf31e117edc8bc966942494a1e2b750_JaffaCakes118.pdf
Size

43KB
MD5

ddf31e117edc8bc966942494a1e2b750
SHA1

08510d5aa268102ba23bd6ea7babc03303da3516
SHA256

2e719ee627d9b98e08cf93bb58dfa1e64c7bd5432ce77a198a5db9c2d0d43205
SHA512

cf46262205b4f6e78d87055f6902e4d7bd6970ecdc2c87bf48a9c393eb236c24867776a460a664a063ec7ee598c2d6963cd56d28fdaaa747423ecc7269a6a011
SSDEEP

768:rgGzpDcV6vdek9OCBN/cDgNjrgk5DL1JI6NWPWP+3u2JnwFyiDssHBvLSyS3H/zN:UGF47argk531JI6NWPOLq0yibBe3v5s8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1624	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1624	AcroRd32.exe
1624	AcroRd32.exe
1624	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ddf31e117edc8bc966942494a1e2b750_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9da41613d5ca314b047cf36e93daeed8

SHA1
f2dca2daa0144b97092dd6ca954e36e9c63d5e73

SHA256
fab92727624f3e319c0a5e467163fc29b3c07048d66853aa79b8d34bd1f8a4c2

SHA512
071280428acbf8ae233668d0c5bb5c3d2d6456641d84864d46c4f6cc13c01a00635ffe7e4e2d893557766a2567a86a6302fa6259a959989c716769583c489829

Download Submit