0ce15c7da6e1422ac70911fed8de59ef699c9e77abeb47eb87232a1b674284f3

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

185c14c6485eb1bf00722c27d983fe66_JaffaCakes118.pdf
Size

84KB
MD5

185c14c6485eb1bf00722c27d983fe66
SHA1

a03ac4e7b39f8956cbd3b3737033ad28b51605d3
SHA256

0ce15c7da6e1422ac70911fed8de59ef699c9e77abeb47eb87232a1b674284f3
SHA512

946b4eae28bd82b2d0f408656a90dc3e8b430540dbf8b344ad3f5a509eb1b2ac9388fc5d4246153483ad79e2437f746b7bdef4b1592048f3d1c241d6a28a5628
SSDEEP

1536:KH4mWxxWhV2G4LiChlomMo1gOYSVWUq+y5ZWbpON9W2m/SVCL38GP2W:1EUHjMo1S5bNWyCLs+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2692	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2692	AcroRd32.exe
2692	AcroRd32.exe
2692	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\185c14c6485eb1bf00722c27d983fe66_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b5d5957a531e0727af2e9a92710176b0

SHA1
b583cfb5c20a264716bb8477c19ad693494c519e

SHA256
ec1316f473494c4d291a51ef21f44de26f418418d6c85a1ad2b732edd7e90548

SHA512
5f1d9b8bfed1725e43bb3aeee721cde425faf86d49b7c7488ec1445299e9d814fa8925fe265156f0fcd5640da63b1f17c3ed4f6e01972bb05f4b4eb26d7bd590

Download Submit