a8b8f713ec9568099192b9e83ac71539043da545bb871cc9d3ca24deebad3c67

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead20bcf1660e5fc26a0c8f1432a31f1_JaffaCakes118.pdf
Size

79KB
MD5

ead20bcf1660e5fc26a0c8f1432a31f1
SHA1

824580e6f3ae561430018e4526e26be9294e14f3
SHA256

a8b8f713ec9568099192b9e83ac71539043da545bb871cc9d3ca24deebad3c67
SHA512

e5d8d6312299695f42ba00436106e3c3d0c087444dcb813bea296e01c060c64da45d1c7ed2808b83105ebd2ffdd492fe0091c046dc8a588a8136ec1e9a728f53
SSDEEP

1536:CnUtQ6ofYtYlgeRUiQrqZyoK/X9KAm63GinZHWOpOaZEWY:NQ6HtYlZQrqZyf/X9KAm6BYaZ8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2640	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ead20bcf1660e5fc26a0c8f1432a31f1_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
bb4b983abb998f0c0bd4ef978c9600ec

SHA1
61f430b7618ec1447e66d756c3c1317349c231bb

SHA256
46b0c2f836ed7f6cb87b5d1db24cdef773c49d0a724bef55f40f644646873cf2

SHA512
2a5a847a8c5984b258be6938d72a30ef6f565d42e1b4a185097aea4fe4af4ec3e967fb87b8020c4c6da4ca2333551308ddd091fda84c4b1ac7485bf8512eb8a6

Download Submit