2bdb55271650823dff3de2d6641d26a074dc7a1dfeefb1489c9641ac439baa87

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ebe0e75537cac1d2d05521adde5b5602_JaffaCakes118.pdf
Size

86KB
MD5

ebe0e75537cac1d2d05521adde5b5602
SHA1

73ecd3b46183cd795fbd4bbb958d425a1b7cf8c4
SHA256

2bdb55271650823dff3de2d6641d26a074dc7a1dfeefb1489c9641ac439baa87
SHA512

57ed2e9fb51a86599f0d42dfe0eebe5c8bb7b675822cc8f6a5da4754546c577175837f0057baf3dd4e622a7ba49dc160e207483a6b40b6a5d3fdf8c0f1d75ecd
SSDEEP

1536:UAWdJ91Y1LiBtB4saTqgp/O9+oi1udX1AUxcWEn1DNLmYTLWOpOaZVeeIN7Codd:16910iB76OgZO9+Pud+Z1lT8aZVeeIF5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2304	AcroRd32.exe
2304	AcroRd32.exe
2304	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ebe0e75537cac1d2d05521adde5b5602_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
183624092f1662d19dc7422bdae66fd4

SHA1
9024f38ad424e882a3b855d1bd63819faa4135ff

SHA256
aeeb73c9d3ca90e67b8aafacdeac8b78b3a18f49f772f6bae5b06ceab67bc53b

SHA512
a86aa2743471ce4ac59341aebea259d651fd0c36a8585d834610a0a0c755bb41e69d679b3d1a43385272e650152758b3f73d5ad2634bf88e561bf72316089032

Download Submit