c99ea8683b2adb757d521be55fd29eb40743c9d41f1830829ec600e7907d207a

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

453f46963df137a16b0db2134ef040cf_JaffaCakes118.pdf
Size

73KB
MD5

453f46963df137a16b0db2134ef040cf
SHA1

b167dec300f4d30f5aff408845830d6927a9d41c
SHA256

c99ea8683b2adb757d521be55fd29eb40743c9d41f1830829ec600e7907d207a
SHA512

5ee75fb15ff32873c53bfdd4676885c2e89ba697444deb1535f1bdeaa3bcb3efc2e5731dbfeaba3ae26add91e0af4a153657c33cb2b4e5d11ac6d15425c1421a
SSDEEP

1536:rlnjwDucJSnVOELfpUuVtm+pBe5+Rv22RyGfiASEJp3qvUrkl:9w9Ja9fTc+OERyGNp3YUS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2196	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2196	AcroRd32.exe
2196	AcroRd32.exe
2196	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\453f46963df137a16b0db2134ef040cf_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
9279e2accedea92cd44f357228d99020

SHA1
e4dfa6a584194221022dd236ea3cdae31776c8d3

SHA256
a5476f2187beb6fc7f60ec24d7c783375aba126d55c49c7619eb40048ce04d2c

SHA512
b9fad7394ef4e73a7427298cc57b0d3f5456c877e1ddfdc90d31ff9d555b78561f131dac8e401756148712a6860b3f16de1a1dfd46bdcdf691c5e9c3acf56890

Download Submit