6e0b1b859e2b2e945e655887d00988b3c42142692448718c1b9ed1afb12a1e56

Analysis

max time kernel
105s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 10:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2fd17e655bf304bd936d33be3541d20f_JaffaCakes118.pdf
Size

78KB
MD5

2fd17e655bf304bd936d33be3541d20f
SHA1

912eb53a702ab8ffea17325306f30f8754662cb4
SHA256

6e0b1b859e2b2e945e655887d00988b3c42142692448718c1b9ed1afb12a1e56
SHA512

5814d4e5312ab2b0cb1eaa7563fbd6016011a88226f79c16179ec4f1a958be94d3c7b0a1d4bf860de66a410305ef78032538f72c8c3e25690a60824248ef04eb
SSDEEP

1536:izzj15R+7Adz0YIp7aSR29tIyESOizWNjwGF5l3ujaiAuZW8pO7xjI:YZ5xz3I1aZ9tIPSqGGiAuw7u

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1620	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1620	AcroRd32.exe
1620	AcroRd32.exe
1620	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2fd17e655bf304bd936d33be3541d20f_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
72829c3b9e60a1e539a65eea9f360651

SHA1
d458ac16d828f31ac64697281be569c3b0a157ef

SHA256
2c6693d117e02e656955df9dfe17bd40dcf3a1ed0fb709d40cfa11eb1528c650

SHA512
5483d7d1c97e846e99b158795dcef1aeb5d43fc617bf1b442a34ca481b1a69d9c9143e57472ef4deb45d6fc1ceb07476daa09446d2a8232f13954afaf9bb750d

Download Submit