Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21-09-2024 22:04
General
-
Target
f0b3270ca660057b2242570fd69ff080_JaffaCakes118.pdf
-
Size
15KB
-
MD5
f0b3270ca660057b2242570fd69ff080
-
SHA1
0a74965fc6d8974bb147188899ae3854ea07003f
-
SHA256
a259c1e6aa23f0196a1607e9ffb2c4919ee6e018e1c3b386f7bc1c0cfcda68b5
-
SHA512
591c3d4864ac583a42488c946a0def85c45775f3ef3f20c0a8eb845364c5a3fbdd0fd466275fd2d09a57626e76afc333f3eb368a0478e4011b8b63b40bb65adb
-
SSDEEP
384:4ONyCeewIjJizRGJCL+4SZiMYsja5PK7PEKTL6LQOyxwpu7a7GwOuv:FZ8Cs
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f0b3270ca660057b2242570fd69ff080_JaffaCakes118.pdf"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 7522⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB