d76e39f735323d7c94cf22341eb4bdbbd24050fa0845190663ac8d3b9e8ecf3a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de1f40040a3e2ff3bc7fba84c5d4d0bb_JaffaCakes118.pdf
Size

242KB
MD5

de1f40040a3e2ff3bc7fba84c5d4d0bb
SHA1

2594ae5164b768e5efaf337681c9a529e662f701
SHA256

d76e39f735323d7c94cf22341eb4bdbbd24050fa0845190663ac8d3b9e8ecf3a
SHA512

9a31d510d44504f623b878e4a54cd69a6094bc4edb82bcf9cc26134fdf2614ddf19aeab8ced3f70b66f588124b89a5996a73848f5d794882be7f5746c4808c2c
SSDEEP

6144:uvVffyReNneWz+35Z/zD3ORhljUaqTuLuHOMQcTOx7pF8Yo88jTKc/wOMwydkxq3:uvFySneWq3ORhVkqLuuMQGQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1488	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1488	AcroRd32.exe
1488	AcroRd32.exe
1488	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\de1f40040a3e2ff3bc7fba84c5d4d0bb_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
6f3a8f3c9e4fb3a8300acb97aebd1f76

SHA1
8527b5d2608fbe9c765cdfeb99d4fce2012ed190

SHA256
f316c242ed7f0378c723217fe5c00f5e637818f8821859b8020f71ead82c17ee

SHA512
89133f06e9bdde230462916da86d7b1640fe4a15031f4a537a89eb8797e7794e430ac15f8ef274a85ff2215ffa0dcd618ff566e00e50e9bc91e1dd3563d9cd1f

Download Submit