Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19-09-2024 06:19
General
-
Target
eabf856abac1893d8fb62153dfed8c43_JaffaCakes118.pdf
-
Size
11KB
-
MD5
eabf856abac1893d8fb62153dfed8c43
-
SHA1
9797d35fcc64a1f5c83575f30d28048d5cd388a7
-
SHA256
7f5c8d7a625a252fb69c85303ddac5ebc9e8be59f99fc373efd4d724661de454
-
SHA512
9b0c393418ce8e62ad5e4801c5476d3a99ee2fd1b26b622429e7d86e2230041e0022143b79a1fae0514b853ccbd5e1e580a42e1c1fc1dd1e0d3a6d9d73a10cff
-
SSDEEP
192:bONbedw+lJ5R3QYejRWxmoAYdAkzqEzCkOZ4gZuO5TbbG3:bONbedw+lJ5RNiFVYvz1QKCG3
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eabf856abac1893d8fb62153dfed8c43_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 7602⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB