86a1001bfb808214ed33581107638409c7c617222b000a551effdb84dc92e013

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083c3acdc61d94048a5c0426f5ef13f6_JaffaCakes118.pdf
Size

45KB
MD5

083c3acdc61d94048a5c0426f5ef13f6
SHA1

7b793c6b8022b5d130342dc9171f2f2940e5eb67
SHA256

86a1001bfb808214ed33581107638409c7c617222b000a551effdb84dc92e013
SHA512

5a38f45dd206ddf143223035a1968cdbcd6046d242288599a8f75d6deccd470f25a092f6987ef3cf205b314e8f9005be3c69572a382f6bc1591ed6c2bb82b21a
SSDEEP

768:GzjAv+hzXjBlXufCSocHEzq3mkGaSeR9HHXxg+6e3h2PPvVv6YFJXeS1ZzK:GzjAv+LlAClw72kG583v0Plv6YFJXtXK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2512	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2512	AcroRd32.exe
2512	AcroRd32.exe
2512	AcroRd32.exe
2512	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\083c3acdc61d94048a5c0426f5ef13f6_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
63d8ae9b39fbe4769d5add5d0c2adb9a

SHA1
16fe17f9db3fc95913d43607bba192c4826e085c

SHA256
4cc5a9f08acec6312b91a0f623e73e67da628dbedf6c63ae47bcfeabc0c6bc7f

SHA512
dab2047396d8cb71c935efbd0997c39fc15be1498097342f4a75c76d38cd9f8d21243d8a04c4871a284c008b3289b811b9e26f2e9418bc7d55225c80726f7365

Download Submit