b01b4d19043002f5a1846b1ad464a2f6921e75a70b80661b5ef162eec9db27c0

Analysis

max time kernel
97s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

465cb88e794d13262f5380eb9c65a167_JaffaCakes118.pdf
Size

102KB
MD5

465cb88e794d13262f5380eb9c65a167
SHA1

082ed235d870e5537b88d434f14ab8c3dd4002db
SHA256

b01b4d19043002f5a1846b1ad464a2f6921e75a70b80661b5ef162eec9db27c0
SHA512

03c3e6b7a59e43403089a23ea98e435d8e318fca25c0aaf5c32f62680e96703c2361893e118e967ed030448291fe43b3bd7f9f6f586eea3d424b4b3e5a5a3ee9
SSDEEP

3072:zMktHBV56nWJLTwDckVUz03wFeQROW/jIS:zMkn6WVwokP3wFEU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
972	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
972	AcroRd32.exe
972	AcroRd32.exe
972	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\465cb88e794d13262f5380eb9c65a167_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
1ba2ab4ada6a13cb093462b89b8368fb

SHA1
bb3b65ff95ca367ece0e7e1a13e0b58f14fe757c

SHA256
ebe72133dd2fad4e45d5e3f7cf049a9c286a58eb1fcfb468b398bc1994391e4e

SHA512
a2771528df10095bec60c5479109d146ebe4383850b759c04c4880fca21c929959809f79c16129fb3299a578d2e3f103bef098abef4afd70e11aa5470fa34dce

Download Submit