06636a3893339bff168952772c26ecd12b0bf4d82f6ed07285da13f2d8ab5067

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaad9c8701d1f5fe913b4d736bc0e7e6_JaffaCakes118.pdf
Size

37KB
MD5

eaad9c8701d1f5fe913b4d736bc0e7e6
SHA1

12f9080d062877e58b0395a0e996fafbfa226fd9
SHA256

06636a3893339bff168952772c26ecd12b0bf4d82f6ed07285da13f2d8ab5067
SHA512

56d70d565d8aec523ea6c796f61effea9f306bee73755a553cf3c7416e8599147871cab0dd994d860b748d57d293ca7e4cf4672b114b88541e2bd4df5f63bcbe
SSDEEP

384:2/QON8MUG6Qgw0JZCTzz02YFnarX2cQJiS0Jv4YRkJMjXAWcuLp4U/6aHH8pbl+x:2XuMZmwgCLWarseH8pouBMYrb7YqaPmy

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1400	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1400	AcroRd32.exe
1400	AcroRd32.exe
1400	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eaad9c8701d1f5fe913b4d736bc0e7e6_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e4e9ded4708233a1b5aa70188789481a

SHA1
4f780ddabb3678d8187b0d9dc922a666dba53860

SHA256
3d9ad7a4a1ae1f53a4d3084d35a317cd883279ffdcc768a87b87fe8356181fbf

SHA512
affc7b178a0018508b2f8a7eca1899636620585f8e9d92c981c75f8cd332f65b40850c7941ceb1a808fa9c76de67a66153398b215fd5f3dbc9a5e919a99c3f71

Download Submit