50c1f8bf52aaf44065425fdbf60918fa50c715fb6420a6e1b5fe1052473d62f7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42bcc964c5f55c26bd28a94b7ecbce2d_JaffaCakes118.pdf
Size

80KB
MD5

42bcc964c5f55c26bd28a94b7ecbce2d
SHA1

1a07f28add7561cb6f973f810a4ff3ea0c55ab10
SHA256

50c1f8bf52aaf44065425fdbf60918fa50c715fb6420a6e1b5fe1052473d62f7
SHA512

9986c9a18c629781f01bf4233e004789abce27bb3cedb33be015103cb3d2963d1a615903d925fdc8ac5ed50f50abc756faea0f0ff4efbd8f767d65ecb805c783
SSDEEP

1536:AfraL9fuM5rn3ZobzqATyRW7ORWHpOvTWRNk4yG6u2Ncj:Ea3F3y/qATyRW7wvwe3G92S

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2764	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2764	AcroRd32.exe
2764	AcroRd32.exe
2764	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\42bcc964c5f55c26bd28a94b7ecbce2d_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
668916525b38ff264f3ae8d215845f90

SHA1
32712b6696c9955776f9eed256be7ceac64a8f57

SHA256
abaf76eea7d199f9175e040d944af4869a7e389aa69b4f3e558b8073883aa011

SHA512
5ebe9c21eb50f291c58b6b5450fd65fdaf71e8811df6acfd35ab2fa9fec5cb45b38975a21587d52df538b3402c2d2910e1ce707ee72898e70e805d35a493c0db

Download Submit