Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 30/09/2024, 02:30
Behavioral task
behavioral1
Sample
ffc5e94bee1926c29e3c4528cd527bee_JaffaCakes118.pdf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ffc5e94bee1926c29e3c4528cd527bee_JaffaCakes118.pdf
Resource
win10v2004-20240802-en
General
Target: ffc5e94bee1926c29e3c4528cd527bee_JaffaCakes118.pdf
Size: 291KB
MD5: ffc5e94bee1926c29e3c4528cd527bee
SHA1: 3a6b172d6f1df19581fb32034e2b3af1bc6a0378
SHA256: 0ffe8e93c550985d0be5b05e3168de9bc86d5846a8df38461da082623dcc5663
SHA512: 36767961bd498ae70ff758b3b3fbe59f59b67cca4be30fe62e3f9a83c8773ea332a2485110e790d78f84622950ce91b19891d29dc2c3b13459ec1c714a11c622
SSDEEP: 6144:cTyPXwqMXeNdSS+pHk+NJlkCYA4Mi2qwZTsPA54Odihs3/fFwHK:cTeXwFXeNdSW+VR4MitwZT4JOdke/iq
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description: Key opened
IoC: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID: 2848, Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
PID: 2848, Process: AcroRd32.exe (observed 3 times)
Processes
Image: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ffc5e94bee1926c29e3c4528cd527bee_JaffaCakes118.pdf"
PID: 2848
Signatures:
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 4a3cc43161d4446e3c8fc76ac0e52f75
SHA1: dc15d58fc3844f1c9ce6339fa8e007ec271cf8a6
SHA256: 5a658128374f0289fa3fefe19d313a88dd2ee73212d83948d680b3f043efe206
SHA512: c444d5fce70a8a404f4a0432e2a8cc68fce49873e76b533008abf1065119e6b2bf24030f31a72294c209e53a2b97a2f4738e29303e3f5085fbfb872d316a9684