16094257417c6afe8e765fa4fad8d34c1dca968a695214c279eee033c7b6ebac

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 09:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa2ff9d1beae1ec1f3e2656f08b12e26_JaffaCakes118.pdf
Size

50KB
MD5

fa2ff9d1beae1ec1f3e2656f08b12e26
SHA1

0a2b72073a0c7bfe529aeafb4f9d86fb64df6baa
SHA256

16094257417c6afe8e765fa4fad8d34c1dca968a695214c279eee033c7b6ebac
SHA512

c3f39302732c2b55790080b2d74a75edff0eb691a3168a990e114594f31e7733247a6d9b418b5f3ec455bae27a27c0c177f8015a591834529d5de6f705790ce1
SSDEEP

1536:aZT5d7Sc9tKBqdq3hBougDzm+pX6nyH1/3zdjLscFm5cPppCDkhDwLXFZmGWSrW2:afMgA4sRGnv516MVpLscUcPMIDwrysrv

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2092	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2092	AcroRd32.exe
2092	AcroRd32.exe
2092	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fa2ff9d1beae1ec1f3e2656f08b12e26_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f251709f368b16248de04947f4c20090

SHA1
e7c2be3ee14889e71438da0bfeb2302488f1e045

SHA256
3685b4f833532a47c835b28cba6bd2356fe6a7d9bc0160bff2c0023f506b2074

SHA512
2976c52f427a9cdaaa30469bd32b229ebf7ddc31cf52cb620c24eaa5f17007e7e58b5336c996f6499ad2a1c4353db1121c5e1052929c4fd46e2ded16af626111

Download Submit