15dba6cb8fdf22daa0a45d4526d019d0c364ce1d8185e50d0e25dc6619c91333

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ec301bf72452bc49f31cda51d5d45fc_JaffaCakes118.pdf
Size

86KB
MD5

0ec301bf72452bc49f31cda51d5d45fc
SHA1

dd1bad15e98367559d5580f519efd9af3bc4dc96
SHA256

15dba6cb8fdf22daa0a45d4526d019d0c364ce1d8185e50d0e25dc6619c91333
SHA512

c7459bc65bff1a38fcaddc8e868fca4166dab60b141aa93ce6b4165a94ed4e21e7809a7f93dd2c5aa4980f4afe318c60ec34d69ca0ca0f5e77606d4e5b2bbc8a
SSDEEP

1536:ImryLlhGWW/IHE7lnOkr4I1cH8ocLQW9enHW6IvUFHJcW3rpMfAouLmceYWspORw:RryL2WWwHExOi1cH/9W9QIvU/pMGL3e6

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2904	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2904	AcroRd32.exe
2904	AcroRd32.exe
2904	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0ec301bf72452bc49f31cda51d5d45fc_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
3f53736034acefb975e7e6ccfbba4e92

SHA1
38e1c405185905a3a7095e2f73d58ec25e62f464

SHA256
4cefe0e43da98e72ae1f098d955f28457b296b72d73bda5c2e7957edbd9721e6

SHA512
8ffac5e132c69f08629d5f74b6dd487aea4699647aafd68b6b449dc0697ff90eaacf002eb625570cb4e12cb3dbd8bd7e22f7d8722905c0fe4b7ed23ca3df693f

Download Submit