67871d15821f1a16bb4b8e7386076d3a3adb91e176ed1859103d7a3b1400b83e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04-10-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a4256b4014b896ad92b6f304886bcc_JaffaCakes118.pdf
Size

78KB
MD5

11a4256b4014b896ad92b6f304886bcc
SHA1

d03f26eac99639d1e4cea20affbb62a8cc25b41f
SHA256

67871d15821f1a16bb4b8e7386076d3a3adb91e176ed1859103d7a3b1400b83e
SHA512

76a0f22cbce18827ab15b3aea25c25312f914a852443b5594907c46a7cab4297c409043b1ad967f4a7006afdb372b66130f8359e2285f63d987966d3aa99bdab
SSDEEP

1536:arw5ebyMMsptBYp6S+TmmaRYEMpvLM0NU+M5eggdkOnL0ba90jatWx:6RmvspUEKmaRYE04+M5zgdkCPiWm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2568	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2568	AcroRd32.exe
2568	AcroRd32.exe
2568	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\11a4256b4014b896ad92b6f304886bcc_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
4f4f5871194e16952f8f7ba50f53ed0a

SHA1
465004a649de8de0677fb34482a7b3a2cf99320a

SHA256
477a59c9bff1f30464d1691eee1c4a92c56cee6e856776fb880452d52e24fb37

SHA512
8962e2eea4257fa7a607b9f3575dba31a467524786317f17775a41cf0ce2c3887bb2e38c8d931581ce2fedb2e5a4c0a559f7b5874392d0b22a3f5c645c92e390

Download Submit