df5dea2f93e295e8f63a01b8c506cf3b15d68e5e3469cdafcbf8427e3dca0d64

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

175736ea8d8616f13a0879621e7accd8_JaffaCakes118.pdf
Size

94KB
MD5

175736ea8d8616f13a0879621e7accd8
SHA1

5a7dd53ce8832e507579d2fdbee6ccd9bf81c365
SHA256

df5dea2f93e295e8f63a01b8c506cf3b15d68e5e3469cdafcbf8427e3dca0d64
SHA512

355890a6e584c12a84e8986d2d5510a4de12a69884f03f3a0ba7bb0aaa043adcaae4ad217af434e17abd25408d053a494047de4d81d51240f556c200fb18820b
SSDEEP

1536:iYbYqZ0jVgbS/dd425pRstBRvq542kE+LswT0fm90YQFh8ErOBvW7ypxWOpOaZEO:XiJT/ddJStPq5Hd+LsD+0lfrKv8SqaZ5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2476	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2476	AcroRd32.exe
2476	AcroRd32.exe
2476	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\175736ea8d8616f13a0879621e7accd8_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
23be3e2ed5a8dd39f445e9fb895096ad

SHA1
87fed8f11fc4da50ab035b740f9aa0cf8749e7aa

SHA256
3bc38d97c82c89fd320b8cf9d63c083f63650f3b98c9dc18907df4087b0de11e

SHA512
0cf16c4de610c965c621bda151b32ea34e3d0b1bdcb43cbb3375f23d4d48fdbce7d5edbc9c294875eb02ba918ba101be983632584aa843ec2571198ce31a195b

Download Submit