4fc0393c5dc53bed1b70b3faea6cbedcba605264babd4a094266c5c4511dcc05

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

257eaa59b6481ea546ace3d7efb2491d_JaffaCakes118.pdf
Size

77KB
MD5

257eaa59b6481ea546ace3d7efb2491d
SHA1

77ddc9ea9ba505b4d3ac2ce6167c693c82041868
SHA256

4fc0393c5dc53bed1b70b3faea6cbedcba605264babd4a094266c5c4511dcc05
SHA512

31dbd2403f41976679b13043826aa32d3a0ea9d60407da104da8a096057434e151c77abd4cd49ab86680a801aec74ddeca8858ddecd82365818eaf2be2087501
SSDEEP

1536:WqzQwomOoZeK7dSOKJVyZ7Skbpq1+nAztN9aLf5LWkNpOP3zqR64YvBWmdN6sJ7Y:Fbom9ZeKpSDJA1jbsUAz/oaPGzYX6i7Y

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2112	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2112	AcroRd32.exe
2112	AcroRd32.exe
2112	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\257eaa59b6481ea546ace3d7efb2491d_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
6c08facffea46f033bcd8fcbbb04548c

SHA1
a7f048b9c362a35fadf06bf38ca14e4859dd9913

SHA256
2a13299f3851be765b5323a2ccc5c08f7df9564302f0fdb2ad6d832d69a936ef

SHA512
796658510f69942488175a5fd42d3abcffacd755f79593fa0368f2a6bb00050c348cf590abad88d0059af6d3823afc7aa9c19f6805ac2ef801927d13e63ad62f

Download Submit