cd66ef35505614e85427fe555e204ddbf8016fa99bf2621f6bda3f3df32600fe

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac958d7811817370497f12888379e05_JaffaCakes118.pdf
Size

42KB
MD5

eac958d7811817370497f12888379e05
SHA1

cbc97e63abf891a4f70407d57ded9fa8374738c6
SHA256

cd66ef35505614e85427fe555e204ddbf8016fa99bf2621f6bda3f3df32600fe
SHA512

2fe16e57d90ff761a373f20cd4398daf27d944d7ec5664ceaf0f4cc31c88067abb56716d3608f01b808feb123c165956d4ec2d826dc307686d3c354915b9dd8d
SSDEEP

768:GXuMZmwgCLWardE5Hpxu1Jz9JRST9Znh+La5yS1ctdqQ02ws0+lR5uTINHesbEbW:GXFZmGWS+ju1Jz9JRST9Znh+La5yS1c3

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1348	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1348	AcroRd32.exe
1348	AcroRd32.exe
1348	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eac958d7811817370497f12888379e05_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
548bded6820a6f7f8eff3a5d8b2277aa

SHA1
5311f1970cc8b84f6baaab1aa6a45a6e1747965c

SHA256
a5731668090683b46038089cf4a441c8c304ee58f94d0c0124fb1f1887c2e1c4

SHA512
bd25337b80c8cb86f2501f6ffd237d27087e1667ac8b3acc966a04cdd2516195511b2ca1cf920925d9a9ca1abc88069ae198697594b60fa30dc58401af0610d9

Download Submit