bed7f18f06bcaf00edd4d606aff0fbc8b0b4be36ba7f716e3a7b1fe93700f1a1

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf
Size

80KB
MD5

13bae8691787b801e02f742ccad18f3b
SHA1

0859e5ddbe90851e7173a9832be764a3ef8ee94b
SHA256

bed7f18f06bcaf00edd4d606aff0fbc8b0b4be36ba7f716e3a7b1fe93700f1a1
SHA512

c665a2ae1a780974c7ad386b0481aa5baa0755fe47dcacc01ec02371eafd07497fd8c84c7f9f3f364a6b23e7293f64da56c1bdf480411f54b895e6226ac2fe83
SSDEEP

1536:KFRgP/6iipMjMpq8Dpit8c/u1XvQj1arZ8566WveBr:GRY6ii+jMo8Dwt8cmRYsrZ8566Wva

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1812	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1812	AcroRd32.exe
1812	AcroRd32.exe
1812	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\13bae8691787b801e02f742ccad18f3b_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
955b499d3152d885ed2896f597b94629

SHA1
0a47691e87c3d455935d406673a646f4cf69c9d9

SHA256
38451d7ef01e84849d2975611c94f61222340dbd09683c34360778bc95304c8f

SHA512
97f44496cdf3e5963a6acc807aef280eba9ff157d9492e30b43405e50be385baea88e6a309c1e218ad7e34f4275e5f7850bf321811c39394091d9a7bd68cfc79

Download Submit