Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 28/09/2024, 15:10
Behavioral task: behavioral1
Sample: fc90cbf46902787d9778fe480d7bc902_JaffaCakes118.pdf
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: fc90cbf46902787d9778fe480d7bc902_JaffaCakes118.pdf
Resource: win10v2004-20240802-en
General
Target: fc90cbf46902787d9778fe480d7bc902_JaffaCakes118.pdf
Size: 22KB
MD5: fc90cbf46902787d9778fe480d7bc902
SHA1: dc022ab8c4bcea51e374865bff8710997a6a5b64
SHA256: 7ab89cbfa5d6d4747ac78f15542f67565417eb037d87d4f2118868c5994fd2a9
SHA512: 4c00d226f4131a0b2fcfd827a300bc11f87ec30b3b87c1615b374ca1f52682524efab2e236736bf7f050e8e139fdf08feaec187f8a424cff4e10d318068c4e09
SSDEEP: 384:Vzdd9womwOI/ez1+9TuU3HejO525cZajMqL6HYIYHYzlSdha9Ib26bmYlV2qIYzm:VzSoHHmz1nU3HejOQ5eaQu6rYilSdSIe
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Description   IoC                                                          Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
PID   Process
2396  AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
PID   Process
2396  AcroRd32.exe
2396  AcroRd32.exe
2396  AcroRd32.exe
2396  AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fc90cbf46902787d9778fe480d7bc902_JaffaCakes118.pdf"
  PID: 2396
  Signatures:
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 176bd6e1e35d8085a3524212dd023595
SHA1: 8d82efde589c528fd065befccd12d611afac8503
SHA256: 4bb4925adf0c653223faa4060d79ddf89336e7e59016e16cb4baf81abf434e09
SHA512: 46f777e7e5ca8bd698a07e3feef1de0ac9dcb46e40533772b2efc4f3858a76d0c0d7908bd25bda999a749abb4c38bc9e98f19310b7090bb0f59e5b32ac7c6a84