94f782ddb3446511e8dae15e4480f98fb45829949afa14b27b612d1858e3c4bf

Analysis

max time kernel
91s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2426b4a096bbb3e14c1a72fdcf6bdad_JaffaCakes118.pdf
Size

21KB
MD5

e2426b4a096bbb3e14c1a72fdcf6bdad
SHA1

09b16ad2898d1431f072027d01057c3afed5cff8
SHA256

94f782ddb3446511e8dae15e4480f98fb45829949afa14b27b612d1858e3c4bf
SHA512

36258a0966aff3aa9083177431839182b6b4150d5a496981c3511b9fe21a747b889e4262bc9e54f6e4be7e70535d7b6beed411fe1d4aeaa00b789a01ab704e1a
SSDEEP

384:U/QON8MUG6Qgw0JZCTzz02YFnarXvZE5HPBuVCIrWzfGGisQ3ow6DIuIFd5qkt4f:UXuMZmwgCLWarRE5HpuwssenFY7Euqdk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2300	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2300	AcroRd32.exe
2300	AcroRd32.exe
2300	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e2426b4a096bbb3e14c1a72fdcf6bdad_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b7ad24710ad898b6570456b3472318f0

SHA1
bdfff90411400768b313c8c8ffec1a6100016e34

SHA256
13a0ae1fec8035fb02b310fd97e1578e80c8608e97def9fef2265661d1a43204

SHA512
7637ac8d0339b9ca8af76ae6635cdf7bb6f6dc6e656396a641207503dab317d53f7233fe00f4c3aed37765cf1d20d171d19171498633df1ff741e7351c9eced3

Download Submit