7cf6fe465a66d95bc7a47147204998a22b66be591bb810c3d2eb93cf0bde59db

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-10-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ecf2582963008e8842870b6a30e77bf_JaffaCakes118.pdf
Size

78KB
MD5

3ecf2582963008e8842870b6a30e77bf
SHA1

7be957f2242a886b3c9115acc41613b819cc08ab
SHA256

7cf6fe465a66d95bc7a47147204998a22b66be591bb810c3d2eb93cf0bde59db
SHA512

28221d0b523ccf7f10cc2d6a71be62567d923c78421ddcd63ff3bd99fc4ef61eecea4bb0112ab3074d84ea57ab871bc915c4c398d2cb0d73c19aeb3d2724ba5a
SSDEEP

1536:mhjad2THGdLNBXKDOApc/WA4Vf5FZ5rp1pcbkUqHoCS7/Au3hDbazFP6yej:8E2TmFNBeOALA4VFlhRYfBmzY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2024	AcroRd32.exe
2024	AcroRd32.exe
2024	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3ecf2582963008e8842870b6a30e77bf_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e4dee72ee58cb3a5d60d1905550712cc

SHA1
60041b9715bdbfc5040b0281095d62907a399818

SHA256
646c3ff3f5a949bdcca180a57ff6a9793a7bdefc82cef83402a9bab989d249f1

SHA512
79730dd2d72cbe3ced674ea657e49eda5a02e5e336bc7ddd3088be67c8b6b062bb3b8a15caccaf3de93e3f57588f516d4e3799fea7bd27d3ba23bd692700495e

Download Submit