bdfbcfd8557f218df399e4c57fe9535452820ebe484b17659d7a80001b43004e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd898981d4ea0dadf95b966bbb5e6040_JaffaCakes118.pdf
Size

86KB
MD5

fd898981d4ea0dadf95b966bbb5e6040
SHA1

cb5de82cfc1035ee54549430d33d5139ded4e0ab
SHA256

bdfbcfd8557f218df399e4c57fe9535452820ebe484b17659d7a80001b43004e
SHA512

816af94e6d1b638381cf1e7415135178b0615c80043c3b47491a5c12c9287fb8bcf8ae415139959bf112bcad08c29fefa5afbc9e850a8ce7add3fe66c5e97916
SSDEEP

1536:z0Dl3oMjkptFWq368lpmmtaYwpIslqrK7YorbwaSJjcbiVWUpO7qWfwjibu+zQeI:oDlH4PD37p78YGlR75SKbi471w2bXQeI

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2088	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2088	AcroRd32.exe
2088	AcroRd32.exe
2088	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fd898981d4ea0dadf95b966bbb5e6040_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
dbbf3814e6a48bb1e8de7402626673a0

SHA1
0666375f585394ef36f7053c2e343e94438fa2a9

SHA256
cd1cdcda6006603d8e48d957cf3c7947498adaf1f9467bb9d7f49ed6c5f35e8d

SHA512
06e2e996cf9ec9ebc483592c5fb5aa556c5fe2fe919ef377894dc0d37c76f90b444951cc57e3dafd42322885c3749dbe6e3f73200c5ef1cb6849064759daac2d

Download Submit