01c491012c0a6afb0b7122f5803df157e8ea0244ba5fda75d7b24d2fe770a947

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f559dd97b13fd5ee48e4d94c0f1c1adb_JaffaCakes118.pdf
Size

83KB
MD5

f559dd97b13fd5ee48e4d94c0f1c1adb
SHA1

a6ceecab20be2b61dc4263d9b0c084ac80b981a4
SHA256

01c491012c0a6afb0b7122f5803df157e8ea0244ba5fda75d7b24d2fe770a947
SHA512

ffdf7590666f4fbf234b2f0fc21909a874491463d14adb0dd141cdfdc5a818cdfe76380032726224c892f2d847f51f7688b9bfde15887ad1eb8e867366b625a1
SSDEEP

1536:NT3Z0AuGQgYnSxlxQXyIYKyYWbcB+uAyQuUuW1r/EiJvJ1xHLWQpOCGUv:hmLSx8HyzbKAyTUjr8iJvJ1xH2C1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1056	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1056	AcroRd32.exe
1056	AcroRd32.exe
1056	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f559dd97b13fd5ee48e4d94c0f1c1adb_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
cd363e21ae2c99391a2943c29cb0314c

SHA1
9cb0ab1bd5bf3e7b61c5122a59a031952782fd7b

SHA256
915780b77f12edaf741e449aa17b9a57518dcbbac6d5c571ad07d8ba1fba3eea

SHA512
1727481c438e577acd035d0a1227866650163fb2d83f6bc0b118a14d21c39898b64d10a9f232956d7446aee833323090ea0959b1e025caf0bd2e27a5f8a97101

Download Submit