086ddc63261fba2c832e736f12b3ecc34ea2817f7b24ef9e0e408f9958875f98

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea8b64f2115601c13e1b49edb1abd86c_JaffaCakes118.pdf
Size

45KB
MD5

ea8b64f2115601c13e1b49edb1abd86c
SHA1

cf9baa9de3bb98d5d49f31c005448edef4e2b6ed
SHA256

086ddc63261fba2c832e736f12b3ecc34ea2817f7b24ef9e0e408f9958875f98
SHA512

42a87bc287f92cf59a5adc8d0ea26c37358ecfbfec53019da81c94ab59ff8a5ddac0ebfc5ef5c2b7e226e00771000def327e45cb5248065afb111c65fe76e89b
SSDEEP

768:LgGzpDIuprWg2sVNzxQZo4oLLcZhZyAx0cA32QKmAa+kipM69yTAFVYUZcm/QsNA:0GF0uprsZyAx0cS4a+zYsHhZcm/QsNA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1476	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1476	AcroRd32.exe
1476	AcroRd32.exe
1476	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea8b64f2115601c13e1b49edb1abd86c_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
6cd4244186fad214ad56c12ba7941f7c

SHA1
42f1cdca5f2759783eb752f9ade49700cadb8828

SHA256
594184d5de17d6ad80773bfba9d3c8b10549f2a974130fe6979af8604c98e49e

SHA512
78067d6d4263749ddddb3b4cdf8fd43049908e51a5b50a8b03eca5367cfcdbad2c2fee744cac59d024966d1837a9457a071a42e539dcef1d8c7934fd4b94e34a

Download Submit