856b84ce4af71b2112352452bb45c1ad64dc540b55b647d39586a5bec34b39b8

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacd0fd7db446a75dd33454fe0ad2adc_JaffaCakes118.pdf
Size

84KB
MD5

eacd0fd7db446a75dd33454fe0ad2adc
SHA1

00ce5fccb71199dd826c9289e04b16f06a4be69d
SHA256

856b84ce4af71b2112352452bb45c1ad64dc540b55b647d39586a5bec34b39b8
SHA512

3872bc6173c7531f05bc795885eb26e9047ca35b02e2032729c032631ae91bbbff7184c4d629d710ebf9f0ab3449fdb56f526c99a4f9d3232c305a1a5fe0540e
SSDEEP

1536:U8co/M9FDimUYn1Wk6N2huMTts6SlDRauW2xSWsLIYzSn1JnWspORUTW:pk9cmUY56NQTQ9W2xozC1JWRF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2128	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eacd0fd7db446a75dd33454fe0ad2adc_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0b3af071b2a3a80bb220d7b53c9033da

SHA1
deab8e43288aa36dc0e777fbbde2e20c87ebce41

SHA256
4d378a1d31efb2c0ed9b599eac89b42bd18130bcd02e7728e54c6d273f3cc7cc

SHA512
1cd69c837d8a810a0058026d75365ffa1592bfc262cd20d6a7f946d1b2d6992ab39bacb21bd7f8194842286516ceb2f4ca6eecbaa8622f4bcb872a6eff46d0be

Download Submit