6dd351b304fbaa7a17be1321ac3308b3816b3325ede246fc017d676be58d4a08

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb61c122833f1ff1203894514d58d271_JaffaCakes118.pdf
Size

185KB
MD5

eb61c122833f1ff1203894514d58d271
SHA1

a67d9c4cdf6fe19cff52873b039cfbc416c01199
SHA256

6dd351b304fbaa7a17be1321ac3308b3816b3325ede246fc017d676be58d4a08
SHA512

2dd0c562bedc207f13891429bcd7d2626504e3fc722e2a2acd25ed4bf4a7ce1b597b4d0361ad583c57d14cfd4450b9759e24c1a50196d90bc257a70a856a4603
SSDEEP

3072:Z2irbxzGAFYDMxud7fKg3dXVmbOn5uC6KjnHVXuEh5vOO9xdbZ1ZUOKESO:Z2MKlWQ7Sg3d4bOL59xdF1rd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2316	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2316	AcroRd32.exe
2316	AcroRd32.exe
2316	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\eb61c122833f1ff1203894514d58d271_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
34749fe97ccfe3f8a04271d21e39bcc0

SHA1
b357522a827ad6233868e60a8606f81d56139acd

SHA256
2f6b413998b6991797494ffa13e8240494dd04c862aa76d574389570e1b3f919

SHA512
033007d32442c4b0964d58c82050b86840f6e5b98a9d5674be3f086f77ad19de420592a3c89f85740b77885d3df079c48514e71b54e1030f5ebaddf40930613e

Download Submit