28cd6fb25a36cb8fa5959577f98c27494a28eaf9137515f2b24334a24f7c37b4

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bdeaa403c85822abe3f798d1d63b146_JaffaCakes118.pdf
Size

84KB
MD5

3bdeaa403c85822abe3f798d1d63b146
SHA1

baf355cb2269b7028fbe730edaf3fcd1d65cd95e
SHA256

28cd6fb25a36cb8fa5959577f98c27494a28eaf9137515f2b24334a24f7c37b4
SHA512

330a889d5b6b11633198ced24e71d471f6ff87fc6896ea9205980a2f2af1b44e23da4067ea0dddd5d9f34389bb42b93ae4edb013488332c1f724e0abf91b032f
SSDEEP

1536:e4CJSLD4SZaus4zTgYqNH4M1jhZzBgbqk7UHpArFDWkNpOPaWSqNQsuEvkbuYoCZ:+SLhxTgYqNYMBebqcwpArF0PpGAYoCGS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2128	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3bdeaa403c85822abe3f798d1d63b146_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
f922d5dc56d1a1e6e3aa3269518a5fd2

SHA1
76ae059009324776db5a84adcb4add356a47fee4

SHA256
1782033db38ceafe96d0b6e5063238a450a2805f7b6943e2cd837f11a3538673

SHA512
f74754074f18df2e8617f072ac281abb90dc83696056ed6426421d4a8d29d5c18c8fa22b36bbac16dd27e4c5da6c623f37666c3a8325703158893ade40b7d3c7

Download Submit