e0c515bb34a4ead596a3bf5c8c63e268f375f270d1068da0126f635f553b0894

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa9b4cbea4ae5630f6f7fee11e821f5_JaffaCakes118.pdf
Size

92KB
MD5

eaa9b4cbea4ae5630f6f7fee11e821f5
SHA1

877e535a8384e0853afac67fd17dcf717b8fdf6f
SHA256

e0c515bb34a4ead596a3bf5c8c63e268f375f270d1068da0126f635f553b0894
SHA512

c2e7d62f2d3a936f33fe8d5652700a3997e2fa9f87c2f538bfbd30ee9bf17c681ccde0658b436983b89463c6ba2fc05c312c4ea0b1acc1a898e1623418ff4e62
SSDEEP

1536:PulEaH6/sNlYhI0ugQIbyojM/G4kz/F9vVZrCWWoU2/3vabUT3WApO6C15:mlEaaVhIHo4/GBz/F9dBCpWvaQT26W

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3068	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3068	AcroRd32.exe
3068	AcroRd32.exe
3068	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eaa9b4cbea4ae5630f6f7fee11e821f5_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
aa9dda035c79d7e9b8b0647952be6baa

SHA1
eb95a5c33174aa798c3c02066c93e08a8f6ecf4f

SHA256
1d11004b554ee098cda046789386b9b8b4035ef467f6dc9d07617c7aa6b400bc

SHA512
059df2877fb64ea0ef0fc4b159d4428db3811117dca213816a66bc7740abc9464ed6d20d1278ab29726b1f7ce51ea2abaab83b7f19b319d000014461c966704b

Download Submit