8057aca02093057059193c95e6ee9a1e1697af753bdc5949c8edc9b7c191f080

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4419b38cf0cf73b2d67e4ec24e8a4e5e_JaffaCakes118.pdf
Size

71KB
MD5

4419b38cf0cf73b2d67e4ec24e8a4e5e
SHA1

58619c2ec2d0aff3b5d9d6f7f02d89dc5e0567ac
SHA256

8057aca02093057059193c95e6ee9a1e1697af753bdc5949c8edc9b7c191f080
SHA512

d1c37ada47a684f899cbdbf70e998f697867a4787c14343349a3bcbd8da29eb988da3a77b69fbed4b8c3512c477f31006f222638e1abecc6482823cbc477565d
SSDEEP

1536:QB6kjXrvFSyHkEJBrwRchDjqFgnl5FqVBfWPrHys0/4besZxnSi8GE1L4d:NajNHkuBEypmFgl5YVGHL0/LahH8F1+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1508	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1508	AcroRd32.exe
1508	AcroRd32.exe
1508	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4419b38cf0cf73b2d67e4ec24e8a4e5e_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
4126a80abf8061e9b762c91e41883acc

SHA1
011e48f290770b1038c17d052b672b06fa554435

SHA256
d44f3a1fde2de1537fc9d094ba2d6d194660b678b597cd3498cf29be44bc496d

SHA512
7c5a77ce73e71f7ab8362a5410821071ff59766336c9c944678b7f5b691298c12f35571c7abde1316c6aa0762723b666b0a227d003027e79cc7118c5debecda3

Download Submit