c8c4a889d3d1bdc8dd08b45dd5612401b0e4c4c58233e7f065ebc61a9a6c326c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf
Size

75KB
MD5

271ea75c1cd679529e825024aa9484cb
SHA1

0b8480d553ae62ed82d948a8d28890c391097006
SHA256

c8c4a889d3d1bdc8dd08b45dd5612401b0e4c4c58233e7f065ebc61a9a6c326c
SHA512

0b8f5621b928a358be102c0971a7de60cb52a3230df3f344d61a866fe7d94f3feba7921d7d206fc77e1783cb35f4f53f3c31e782a9d5b8c4fd2480dccad9d2db
SSDEEP

1536:QJe8Mp/H++56evxXldui2y4X3wEZb6PUWiuZMZWbpONiW0japA6COFT45XUc:a5MpH++UeLdwH+auZMbN1hFT4F

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2824	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2824	AcroRd32.exe
2824	AcroRd32.exe
2824	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\271ea75c1cd679529e825024aa9484cb_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f8b94b9e3e6ca976cc6967fd90108977

SHA1
68693035b820cff614954925ffe3a4c85870d041

SHA256
c1fdf715a714b5988417ff1bc84f72b92dfadfb369b8116582366f4bf24fbb2f

SHA512
5181d7a1f940639f983463ca95936228f29fa13ccf71203c7123770e561590a6bd799291fbb67d0baef96acd8ce4e88c99e2435fe06be11a1e13bbd24f837cee

Download Submit