779d96c0d775b25e5098e0dd73902eb591e635ab29f508e1327b31e70aa88946

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25ae78100574e92fabb887de8c49d827_JaffaCakes118.pdf
Size

53KB
MD5

25ae78100574e92fabb887de8c49d827
SHA1

e4fb7ea8cac94b74d4d44eb374f42d62b2658007
SHA256

779d96c0d775b25e5098e0dd73902eb591e635ab29f508e1327b31e70aa88946
SHA512

fa4fdb3931b73dba6ae1053de7264d6e3e585640f0a110fb221f881c20e1832132aaf2d94072931fe6add7f75fabb6ef2fab30505b4f7701a13be605f6fb8252
SSDEEP

1536:8JEJAXT2dB614DDL6ozCHtUv4IsqPRqNXCCVdZW51Ts:eEAk614DqozCmsqcCCVdS14

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
828	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
828	AcroRd32.exe
828	AcroRd32.exe
828	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\25ae78100574e92fabb887de8c49d827_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c31918a794cbef97641b5d6ccd0b8cca

SHA1
acfb7e388500e98de64dfe237490e4992e970700

SHA256
66a546acd1112ccd3c014ac2f4c7f6538f1dccbec40cc5414d8b9a5d9ec1c28a

SHA512
332ce87c544c5cd2213475f1f0b2cdb962031c512ed9bfbe979351b6d10d95b642a7b7c6d450fb536edf66e7f7e25f156daa0de2187d230b09c29ef913e86628

Download Submit