7106c295ece1cb1648661b1e0d2d9e0e854664252e5be54d9046536337d594e6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43f72714c6d4efe1d300215e85f6272a_JaffaCakes118.pdf
Size

72KB
MD5

43f72714c6d4efe1d300215e85f6272a
SHA1

ced5eab007ffe85f641c81d1698ddf12c88880b7
SHA256

7106c295ece1cb1648661b1e0d2d9e0e854664252e5be54d9046536337d594e6
SHA512

02a1b46e116d99ec150a4a590cd4f4673fe3c95714e62b378dcd952d611eaf28aefc6e65ba25dae0ecd3650f37d72bcdee3a6e833ed1b602dff67a8d953eba79
SSDEEP

1536:awUcat7RZOiaS4SEDcn41zYls9TAkJz5tGFBB:ctbOC4SscnUzYuT9JNtGB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2284	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2284	AcroRd32.exe
2284	AcroRd32.exe
2284	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\43f72714c6d4efe1d300215e85f6272a_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
398f7a99fbcf8b81f92a7680a8d63201

SHA1
1d7728ba3ffbfe859c35b879d79c5ec41433eb58

SHA256
aec2182ad1b545ecce21a2e820921807af1d16e33efb1b8f599299d21a5bb96b

SHA512
0cf898037e56a55f320881c18f7828d31a9143c444421f2e5baafad40fc5b0d238617635e399a0f46654f0d9bf3bcb8cc0ae6cabd8fe7923fbf81cc395489f03

Download Submit