27aff7936a357b59fcb85565918915ad17628680af40723f1f288a7eea6aafb3

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

418e544fcfa0b0641de299393aa37814_JaffaCakes118.pdf
Size

85KB
MD5

418e544fcfa0b0641de299393aa37814
SHA1

ebecfeff9fe5b476ad2a3426ee0ba72eb2a50a9e
SHA256

27aff7936a357b59fcb85565918915ad17628680af40723f1f288a7eea6aafb3
SHA512

f898f4de4c73516349fcd5423447bb9bc667c3eca7c8bc2ccfb38f836f0a798a73a687752d1dbd43866e2d8711550abad09f1f12e59a6b65f96745386f452b9a
SSDEEP

1536:YiImPIdamcOTuxJstLO5n4P4IWGUxWMdgeDH5TWOpOwr9x+0Vx:MmAax5stLOn4PbWRyKH5wwr9x+K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2036	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2036	AcroRd32.exe
2036	AcroRd32.exe
2036	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\418e544fcfa0b0641de299393aa37814_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
10a1a2d6575523f449c828c46f5a043c

SHA1
a566762a50ec39cc602bc9537216a1409b6aaf31

SHA256
8f9b7c651d841c7b74aea02e4c80a174b1cb7540ed874ecba7f65a329759666c

SHA512
08c82489b42131d0724297905941d33fef81dd8abb198e3ce18dfc57cc64c9f1300d5470b9e11bc5a190fa4a1a53a156b0d6f1d680945d0b5fd7ca71a237505d

Download Submit