610e84702eb8535bcf8a8ba7c3c40a4c98702204f8359d3b770ced0e0996d458

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 01:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

289031884ea90bd377a6b5cdef96eb6c_JaffaCakes118.pdf
Size

66KB
MD5

289031884ea90bd377a6b5cdef96eb6c
SHA1

d713ab6cc931045d5844aac0f25c2f86d16cd9bc
SHA256

610e84702eb8535bcf8a8ba7c3c40a4c98702204f8359d3b770ced0e0996d458
SHA512

36ac16af614f47837823bb97dd431cbbbc4c24cf8adc26f84a2ea02ede3ee56baea5d993aab3378a834941cef3e20b19ec9656a25ffa1962e321cd2859a09174
SSDEEP

1536:rQ6TBon91YynhT8GxRa4opFcjRr0JiQ1gJFu3:Zi9+C2WRD+c50JiQ1g6

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2100	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2100	AcroRd32.exe
2100	AcroRd32.exe
2100	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\289031884ea90bd377a6b5cdef96eb6c_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ba7b7abb135872bc3e9b8c7dbdae3541

SHA1
dc1782092d11370a3aaa2db8f66f57962e38b21f

SHA256
fedda37e9a78efdfb57db22d5308cc96fd1202f665020cd16e592dc1f9f4fb63

SHA512
de59fa10513fa9a8e0362f180a4747b2e2b198860f126ace6e1f4a439c9fc6571debe533ec702b662c160b9214ce36f66975b2885e7cce7a57fe19c570fe31a9

Download Submit