Analysis
-
max time kernel
118s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
19-09-2024 07:11
Behavioral task
behavioral1
Sample
ead2e698d7a24b9572bc2ca1c86b8705_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ead2e698d7a24b9572bc2ca1c86b8705_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
-
Target
ead2e698d7a24b9572bc2ca1c86b8705_JaffaCakes118.pdf
-
Size
74KB
-
MD5
ead2e698d7a24b9572bc2ca1c86b8705
-
SHA1
5df727f160a5278778e38b8309d0a712f28ab04b
-
SHA256
22e57dcf25ce52995248fc7386992862026d427442690140c894b7e5c0ee8290
-
SHA512
66e94b94205da11af691875a8e756b87afa2b598a1e0ea1c9b11eca84fe2b45ca6393a86f9ae3e9bbf6cfe2f623fe61141cd0e5932c5b668708328fba42c1c23
-
SSDEEP
1536:vfoatpwrxeo9xJp8hh3FornXUNjrhXaryg1WYpO2z7WHBcWEeOH6sNi:3oatiIo9rpygXUfXZgc2X6BU6T
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2536 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2536 AcroRd32.exe 2536 AcroRd32.exe 2536 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ead2e698d7a24b9572bc2ca1c86b8705_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2536
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD555cd6a760321c53c1ca296bf3447ad12
SHA165e4f384da615a6329c8994053ef5256e8bad8d8
SHA256ce0931d7f9e4dbb5ffcc95c70aefdafb888639be95d69fbcb484ea865ab1380c
SHA51258d63274721bf6b43c41a817a992125bfc947636c176ea5e88ccbab1f9ca73a15aa0268750e7020f22f7996ebbcaa5f7187a0fc4bb7dd1cc3098e8f8cf338b91