3be1164dfdf46544d7ee4d0335fa884bed714519cbad7ff48ce62051b0a06af7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fca9bfae916e0cfab8c7f3a4964150a2_JaffaCakes118.pdf
Size

41KB
MD5

fca9bfae916e0cfab8c7f3a4964150a2
SHA1

c054215c0cfe196da22559239de2d01fe2309aa2
SHA256

3be1164dfdf46544d7ee4d0335fa884bed714519cbad7ff48ce62051b0a06af7
SHA512

420a7f953db7bd927c2038321197f04accaa39ea6785f1d22b0c5d0049660155584833044481104519b1cb29c44aaa751ac760e243bda176b0889c91c758637c
SSDEEP

768:9mXuMZmwgCLWarAzlApmTjEpik+pJXNgXP20Br+1diQ4r:UXFZmGWSoAM0piYP1B8iQ4r

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2200	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2200	AcroRd32.exe
2200	AcroRd32.exe
2200	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fca9bfae916e0cfab8c7f3a4964150a2_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c59233e60db986694ffa7bc5d8e41a62

SHA1
edf5ca1889a416e0084812e98bfa8b456eac7610

SHA256
7523d2e570e04f023031702f617a025b232e00ba9c9192b8ce27666463739f6d

SHA512
c05aeddd72735c2125cacfbe83589d6482a1dd150f12e0343fad1da4b954d6cc5dc3f9461f9d14c6691fa5f60894b0b20fecf163974008f5f1e207af4d42f10d

Download Submit