392a93964edf80e1fe6804441d8717ed070ee25629aeb73948fd07014f68c45e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44220a70d24da349f4b72c40796f50a8_JaffaCakes118.pdf
Size

90KB
MD5

44220a70d24da349f4b72c40796f50a8
SHA1

ca866b69a21d8aa399e9f8e874d515fb905ec468
SHA256

392a93964edf80e1fe6804441d8717ed070ee25629aeb73948fd07014f68c45e
SHA512

74455f4bc2af5168b9f8eabfddaf68e76d0cfb323ba3f1084506cfa4184adbac3e31a23c1d81ed1fa3c3100d2d34335b559ffcd57919f38d5cc481b59d84a9c1
SSDEEP

1536:THS3NSOCUS6NhrDRYdYOw+oScymtCfGKjh+VHZW5V9CI6NzSaWOpOaZw/V+1kmFz:iRCGNpSdYOwVJy87K1+VkOI4zSPaZE7e

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2252	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2252	AcroRd32.exe
2252	AcroRd32.exe
2252	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\44220a70d24da349f4b72c40796f50a8_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
25eaf1dc8cdca47e76a99f846a77f48a

SHA1
40a245f863468113b9ac73389237948840111b15

SHA256
67869c6c4aec60451f05c2bb0f1788a45bca26f33f7b327dae5c4fb18266b66f

SHA512
9344394cfbda241c91ace31ca39e4167d0bbb2e73ffceb5613851565057b37a419f12956898c8c9984c7eb9a3e19b1b51069b32aa2a77aabfc6bebccacb25e3f

Download Submit