87a380d4921121f1bb013bdf21099487b7c08d7601493e35c7f33641fdbd7695

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a4f6b0a81ed3d5aaf47c266356c975f_JaffaCakes118.pdf
Size

90KB
MD5

2a4f6b0a81ed3d5aaf47c266356c975f
SHA1

3cabf3d876a5844d003df899c3eefed0994e4552
SHA256

87a380d4921121f1bb013bdf21099487b7c08d7601493e35c7f33641fdbd7695
SHA512

c7822627eeb47921849333ae4a2c13adcbce77295762fefe203f622284f404c4cbb496426a6b621d38b14bca424faeb5c41930b6712b41d3ddab215a577dfb13
SSDEEP

1536:qS5mUMyKagVeAu5yQVLdSYjnvulwbuSJM6Fen84mFmgL2WxApOGzWLiIuKqULltP:N5mUMdeAC9RvuyJM6Cmw6j3G6iI5LL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2512	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2512	AcroRd32.exe
2512	AcroRd32.exe
2512	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2a4f6b0a81ed3d5aaf47c266356c975f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b9a70cc42c1ca20dfb82d42f3db9d4df

SHA1
8c3e8e63290a09e642e6a110abeb3cd8ddf11530

SHA256
57ab4b7ea699a86d7369f01519ee7ac6a71c10f62c971d5438bb78001559d331

SHA512
1fb81c16cf2f4fffe1eb7207c95c2fbb18d8452ceb61af5bf624ca0897349e3b364cefc816d7aa0ffd2decc7753f025b6a11fe60a061dc89a5c4f689830e3aa4

Download Submit