04988b93e9e61dc5f70a45c27d0e757cf5caa7eae6be42d67663c7917272d44d

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 03:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

08963f8ad7dbe1895e812286638f73ed_JaffaCakes118.pdf
Size

80KB
MD5

08963f8ad7dbe1895e812286638f73ed
SHA1

c58dc3a125ad578ad2298839ce45d4787aebdccb
SHA256

04988b93e9e61dc5f70a45c27d0e757cf5caa7eae6be42d67663c7917272d44d
SHA512

306e5d1ee01fb89c813b65169ad7c7978e942113428881686df04ac6008910d277639aebbeb8a3a63601c52844b5f0cf5766d8e9c289ca1b117ab15cfa75bb04
SSDEEP

1536:+xFxinuO3yUvuH1me0TjMp+m7Nl1R3jiKRWYNjQnBo:ceyU2/+mRljiK0YNjoS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2792	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2792	AcroRd32.exe
2792	AcroRd32.exe
2792	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\08963f8ad7dbe1895e812286638f73ed_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b90f067dc2aa9ab6af4ea6f0823bff9f

SHA1
83ffea287f06d933bef4c824d8f9e55ac7d939e7

SHA256
e78bff2b8cc9624ed32ad1b1c122a95cbf993615319e163b901d759cee5ce470

SHA512
9eb0ae6287c0b8e1a05511e05005f73e1e0c8d5faba2b5dc9b35fa0024e3909cee60b5e526b7186f331fd5ada3ab1f822caa637e9892ddcb7bfdce258c23d84f

Download Submit