0c15c2a49f6f1b51683cd08f4e4fa5d16c983a97ff68d79fb1049d0749a1ab61

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf
Size

84KB
MD5

044ace8fe9e49e2cbd76700a64a4e084
SHA1

d5b9418f51f25c7bb826e6dda29b738da952ae58
SHA256

0c15c2a49f6f1b51683cd08f4e4fa5d16c983a97ff68d79fb1049d0749a1ab61
SHA512

6a210c68dad4838abc3d667d1032baadf5f399eb47648446ac911c42a5d2a6ce9b9554863730452b956eb995fdac5d9a3e8ec182b8b34edb3a69794701cca7af
SSDEEP

1536:8rcuRwgBCXmf8ATmAFErLHONnNPULgtdJJ7JzKET8C9v7WHUUUbMAuJ2ZxWUpO7K:iJCXm3iAFiLHONnCLgtdJaET7vQUUjwZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1952	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1952	AcroRd32.exe
1952	AcroRd32.exe
1952	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\044ace8fe9e49e2cbd76700a64a4e084_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
1ea87815a5241c3d3611f1000eae53e7

SHA1
264ff58b0051ca4ef02a99cd262f0d6f76508623

SHA256
9022b195aca104cde22ac9739f3a6c18202463905a376d50964cb9a74a6a7946

SHA512
dd0eef867c997e1f6e313a2648ec495872aa50292f584bca405f932837476c15f0ea66a9ca2ca1fe20d8c24d0df5d62b21badff4b6896aa28cdf0fb20f83b680

Download Submit