f3a45d1f06e2945ef6f36e9457a5f4474eb16241f83ba561771a3dddf77a0c3b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cb809f6101bf6cbf46cc6d5b8a40a90_JaffaCakes118.pdf
Size

57KB
MD5

0cb809f6101bf6cbf46cc6d5b8a40a90
SHA1

5b5a6a1a322cf657a9fdf81dbe32d81ca8f2872e
SHA256

f3a45d1f06e2945ef6f36e9457a5f4474eb16241f83ba561771a3dddf77a0c3b
SHA512

448345169ce5070112ef1ff7fd8eaad1b625a1ef43d59348d38a4c0e8a9d320b4c2209a384fa5e10dac302b19bcc6ecf7b765ad65c0ae8d428c50fb04127704a
SSDEEP

768:7gGzpDeJs9xO2n4SokiuF379C00+gc1oLN/lAgW9pj9B1fDUNwJ3oi1L5SI:EGFq69V49fByoJl49pj9BtI8oEL5f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2980	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2980	AcroRd32.exe
2980	AcroRd32.exe
2980	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0cb809f6101bf6cbf46cc6d5b8a40a90_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3317453c779995b7eded7b5eb81036d4

SHA1
24bf5d04ea9942da6e72b2e9f1ed4de1c70dcd11

SHA256
c24f450e941155cb36aa46b38040cedf6234d496193b0ba837933f0d52a8e1a6

SHA512
c8a1349bb27011d6b7d25a693a7c2c50b6fc1a3322b0be531f978e39333661e80b0e32b3b22777a4ee52f1c86893afa34fcd186f5151643e939612c80f8cbcfc

Download Submit