548cd17a87d9d29c8926b021463d0d719acd449233de6a4f885d623523cebb13

Analysis

max time kernel
96s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-10-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d2c490c6062555d2e47da1c778b3712_JaffaCakes118.pdf
Size

76KB
MD5

2d2c490c6062555d2e47da1c778b3712
SHA1

79445eecd5ea9dd4155e187c7db8bb821dc835e1
SHA256

548cd17a87d9d29c8926b021463d0d719acd449233de6a4f885d623523cebb13
SHA512

9421a2c3124605545c1fd498df46595e8771167b0bedeaa4f20bcd8f20b944c1d70527a55d113c9e993e0c6b2168c66663b1e1b4fc1569fcc30bf1bf1ea1878c
SSDEEP

1536:ZF+Q+wwIlwdBFeWZRd0io0HAnYS6x6LPWCpOViPJqWqxvMHX0TYbRM5:TmtjLFtZQio0H4YL6EViPJ6M30T2I

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2276	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2276	AcroRd32.exe
2276	AcroRd32.exe
2276	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2d2c490c6062555d2e47da1c778b3712_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
84e0e0bff35d3e8824bd5fca9fab9e57

SHA1
70f34b25f2e46435aaa7a859fcec4aa11bc8d075

SHA256
8e654a7b9d7f327587e0b78b11157cc34513fdc2d64fb44629290f981e30822d

SHA512
9586fca653d04fb9156ce89859e3f6e0e913ac168f1d00cd9b7a6c12716ca9211b9180b134938cc3c3de32dc5153061580a1d6b66bf99fac71a4a8e4968f4884

Download Submit