101be3a84d8aef871263a696eaf2346762d0dd7c312c470f129d6a9a77a63140

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eab97ad91248413bb70aee7b63a69f22_JaffaCakes118.pdf
Size

45KB
MD5

eab97ad91248413bb70aee7b63a69f22
SHA1

5e3b73d999105599d12fa9b40ec8012f043f68f7
SHA256

101be3a84d8aef871263a696eaf2346762d0dd7c312c470f129d6a9a77a63140
SHA512

6e947df54173ba16cd0a16190f3b2ec7ffc5a3b3d84bbcb6bf65bcfd45eeabb38430c050d50c1cd3711d9625115e8d35c29029cf6418d7c5d15c89c134647eef
SSDEEP

768:Q/qUmPmGC/iNJkwMbL/MmWSkBJj1d9GSEhz66mxakKmzegSX:pN8bDMmW1Rd9GSqzdmxBKqNSX

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2788	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2788	AcroRd32.exe
2788	AcroRd32.exe
2788	AcroRd32.exe
2788	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eab97ad91248413bb70aee7b63a69f22_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
5e3422a176a46d69e68880a3b7c1349e

SHA1
e3235c9bbb6e488507b9e237197f6ab375149932

SHA256
ca23509853e4d06fd4ce09d9539de86077c0b756d1c96e5d405bee9ea25d8f65

SHA512
9ee89455309038c7101e2e1a1142c1fba51b0b1ac438872cb7453f6074ee60a22aaf216c4a669e1b1b7429fcc953f0e38a7b1f99afd4c3e9b44751ad1706e4d2

Download Submit