fd0bc16d0fe031663dbdcc3e1a56f042e7b4b886b02f1f7b905e3d0b0fc6cea8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e9a5bd6b3b2570301eb067daaa470d2_JaffaCakes118.pdf
Size

76KB
MD5

3e9a5bd6b3b2570301eb067daaa470d2
SHA1

71498ef779d7f000cd0a387a6ec07bee1966e3eb
SHA256

fd0bc16d0fe031663dbdcc3e1a56f042e7b4b886b02f1f7b905e3d0b0fc6cea8
SHA512

6fe717b8366c085157be73b8c84765cadd42b515b42bc2a864d025180cd4b11d3563e371c4b19cc3721457d66555c49e1079f9fa2231cc60818b503a06ecd386
SSDEEP

1536:0JwQ5OK47sALFLIZQ8YIlOW8XNHFFtECJIWypOlLdeKWfKTIR5b/rLPvr3/:2rGNelODZFcUlLdese/HD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2236	AcroRd32.exe
2236	AcroRd32.exe
2236	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3e9a5bd6b3b2570301eb067daaa470d2_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
819db46c43fc0179a616c386cc4d8b4b

SHA1
75ecc490b1c928279a1cdd72063a09be6b166510

SHA256
08ebc15984ee6c9652dbf132ca81a856caf375788d2dd9b67d03857271be2e15

SHA512
2d36dd23a77af3796603d9faffc03e5bf80d3268a821a10cd3eb6c759e0f38b548cac78985b3cf9e4c9f0d3a0ac47ae2dfe861103f8ef3e32fc30f79ff1e08ec

Download Submit