586c0ba96a31d33b012eb9ee14729239b1ca15d8f25f76ef2fe9640e6a7b6bf9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea92c6134ecd62421d118920fdd07c00_JaffaCakes118.pdf
Size

49KB
MD5

ea92c6134ecd62421d118920fdd07c00
SHA1

4d853c88fec978abd42077c41499c23bb12fd459
SHA256

586c0ba96a31d33b012eb9ee14729239b1ca15d8f25f76ef2fe9640e6a7b6bf9
SHA512

1be5cda6f053b2f26674fffc8b64c102205ddab783925a6f9459aeccc93ed1ceabd017183b8615d688fad74169e02939626d755d4ada551882b788288869cb64
SSDEEP

1536:HGFEWgUyY/wWiOFYFp8FNWkCwcP8sqlEa:mFEWgjY/ywouKJvksS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1296	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1296	AcroRd32.exe
1296	AcroRd32.exe
1296	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ea92c6134ecd62421d118920fdd07c00_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
fd8eace434dd328400d899846e0da518

SHA1
80d5689fdbe9efb94c201fc691228ee073cd0522

SHA256
830de34e9345de81bdce7beaac2d200026fb48efb7e2563c0e7b98533814c920

SHA512
fbf9dda7c56cffac0a91aba57b9dd3a1c5d102fb5e07f3af46161a99f480d5fe4aef95b066c86c1608b840838c7aa9f8ebb4757ffd9b3d0d0dd6190a4a881152

Download Submit