d3e8fef84e93640959ecfc79bcde1a64124df597e0e49999a952c8c70de5a5e2

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df506681f7aab712036b7311e3aa594b_JaffaCakes118.pdf
Size

42KB
MD5

df506681f7aab712036b7311e3aa594b
SHA1

3275a5f95b6a818b0e25c71784d9c95260fd1da3
SHA256

d3e8fef84e93640959ecfc79bcde1a64124df597e0e49999a952c8c70de5a5e2
SHA512

c46fee4edf534868a644ab100d897cef76267bd57460badb3ae5725c0498e624d82a4fc92a8df50d2da9738f9a18a98c7b7a99a00168fa0881a5d7697fd75b9d
SSDEEP

768:zhvC1Mp4nAeumUPaeI8orS01P6PlQVxGhmGuaDQra3FX2gJtbf1n/DLKZKnsxYnR:z+MpLPaF8ov1yPlQVxGhmGuaDQra3FX1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1016	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1016	AcroRd32.exe
1016	AcroRd32.exe
1016	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\df506681f7aab712036b7311e3aa594b_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
20e70f564685a8f5c461f61e82c0b83b

SHA1
6f9fd13ed1f52e006c52d2f5aca2992349907c2c

SHA256
ff26b2ccd1f474764eb557612c5d188b18d4aa0b3d7ed4d89e3dfa59e5e32407

SHA512
e476e9800b1d281381021e846f59bf0f640eb56b24cff8fe9e20f0546ad407481e8fc312b111a478f551f539d0f572d20a79eb4420483278218619e22c3e8c5c

Download Submit