d06b373c0b8559abd2b92525f5286f737c99dae9215e79c5fb95773a1860bac4

Analysis

max time kernel
97s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

554407bc93de2e1a9c3321962ee95738_JaffaCakes118.pdf
Size

87KB
MD5

554407bc93de2e1a9c3321962ee95738
SHA1

51d1e1cd5c45c2ee429c9c431c3122e6160d4838
SHA256

d06b373c0b8559abd2b92525f5286f737c99dae9215e79c5fb95773a1860bac4
SHA512

9213edd00e808be29c71c1efe82fab4255bf5efa8a3ef76b9aed73b6aeef83a295a20ba8932a236dec8bbb20498d77f85d1e5a51de1845459272ce32014e6bbd
SSDEEP

1536:WYKai04loZFA2Yn2F+sbsEdnMrKtysgOShRaNtjMN7BWspO2rWz7DyjD1r2:lDi1loZLF+sbjDyXO6ggw2KD0Y

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2304	AcroRd32.exe
2304	AcroRd32.exe
2304	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\554407bc93de2e1a9c3321962ee95738_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e350197d037109d61575ae1dc7c19019

SHA1
afba010e0b6ecc892d197b9b82cabc2f595bc666

SHA256
4be82d337ef6196c4e2169be2822ce0e9c490b3e6efb696b2b1fb33c9b173d0e

SHA512
47061d827a180f2acc9c45b8788e42fc6ab2928100f14fa984a0f972225661e9497697466459c723479cf005e120a130da11ac4e5fe734a832a8a0342f8b1be5

Download Submit