1eeae4c4d3bb11662c8419afb9f625dc1f7b526490911e0d3dd3f7e7bcff3ff9

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff24535398ce7764b42e1264ddbc311d_JaffaCakes118.pdf
Size

134KB
MD5

ff24535398ce7764b42e1264ddbc311d
SHA1

d6df41ad4d421ed6f231cb07ea5b16ab18f29f68
SHA256

1eeae4c4d3bb11662c8419afb9f625dc1f7b526490911e0d3dd3f7e7bcff3ff9
SHA512

7ff62df0d6e59d0e1c6250385e7c939af5cecca0d8eada3d5d491edb397b674f7d0fbedf34765c4c2f6a831ec183e320d180817b58abfb5693c6e22cdbf3a9b1
SSDEEP

3072:/ysOW6V7b8tdZZy97Lxo+KGGiY9LskD2UCAUWNmiTwSHD+FKhlI:/NtrZu3KFhPqUZ/N9DmGS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2276	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2276	AcroRd32.exe
2276	AcroRd32.exe
2276	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ff24535398ce7764b42e1264ddbc311d_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
45eb486ea63fe4ccad9739314a5ec90a

SHA1
8d529e943e88fefd93727e79d0a0683120c9c8fa

SHA256
fed933f1fb04085e6102a8344ed3af1bd46be5ca603a5aa522bd1d54fbc22717

SHA512
aa36f539c4fd0d1907673c44e8bee38d279611b70e343455470720ddcdcc9f21e3ff4af8fe56fae7a029ed8b1fc304209080b774a69ccbcaf026ec6b2c3f5a12

Download Submit