Analysis

max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 13/10/2024, 17:42
Behavioral task: behavioral1
Sample: 4135c5c38a98365c09d2d367cd7e5f29_JaffaCakes118.pdf
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 4135c5c38a98365c09d2d367cd7e5f29_JaffaCakes118.pdf
Resource: win10v2004-20241007-en
General

Target: 4135c5c38a98365c09d2d367cd7e5f29_JaffaCakes118.pdf
Size: 40KB
MD5: 4135c5c38a98365c09d2d367cd7e5f29
SHA1: d129116b790450c1e6738d05ea126b904ab632b3
SHA256: fafdd321f67255316687054bfb33d9c83109c1186f91ec1454fc5b260db3d20e
SHA512: 3a5f06b9e7ad81923284acaeb7912a2756b344bb2f2edb7dce1d25ad4bf23602d234e3a97872b0147a26a908a124802eac476f7446ccbd224d84c5aa79fcdec1
SSDEEP: 768:r2undtG516sJw6u2D3TtKqazz4RJUHtagEzVGrugb:r2udA5XrTXC4RJUHtagEVG1b
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2644  Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid: 2644  Process: AcroRd32.exe
pid: 2644  Process: AcroRd32.exe
pid: 2644  Process: AcroRd32.exe
pid: 2644  Process: AcroRd32.exe
Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4135c5c38a98365c09d2d367cd7e5f29_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2644
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 3KB
MD5: e4cdebd320d43093581a474abfac5485
SHA1: 9fb0f32cbaa6e4e0fb294b2075595bc8d6bee001
SHA256: e5ceb39110b739026cdd9b6b54c7a51969eec24b8aa5defb4886cfbe9dbf3427
SHA512: 1d0a82105f69582e859f9e77e0d15deb8d101ec0b6d611e4dbc4bd1c8e36493e3a24d7ef181a4f20adf487eb996be2c9b78e16b96d1c8dad2ceeec88be666938