30c5099a7877875ddca4f8311b15a1a8e5c179bca738517649c65dfbf3bed914

Analysis

max time kernel
94s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 03:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

554cfa7623ac2ba610388768d6ec0197_JaffaCakes118.pdf
Size

77KB
MD5

554cfa7623ac2ba610388768d6ec0197
SHA1

20ee497c3d456f93bb7398b6a8fe3e74ea1a6781
SHA256

30c5099a7877875ddca4f8311b15a1a8e5c179bca738517649c65dfbf3bed914
SHA512

04c5bda3082d2a7dbcc767351a71181631cd8f8ac3708e823dcb34008ed76424e10a8ae9610eaeb71fd032ea40073c4bb748731e6a38826255a6a62a76020039
SSDEEP

1536:BJY7e3569opJP5L23acEJTGoOE21V2BikP9f6Wqd++IQQ4SEwWspO2qu4M:bZ6eJP5L2KlJSZEm45fB3Eb2f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
848	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
848	AcroRd32.exe
848	AcroRd32.exe
848	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\554cfa7623ac2ba610388768d6ec0197_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
0808a15e60c03fb1b7f75cf575f4aa9f

SHA1
fde5d2eef6caf0ccb53a2f739b2f11ba75313771

SHA256
cc6415d67393f7f2c8a1308fa3ec515d323d86f6be728a3ac2666aac16164c3c

SHA512
2488008b18015db94d9bbeb9f5b1e7713f551acd7bf4315a9bb24296e053ad15bff8cc6e2d9d1e78c77a2e7fcdd6868f6a8e24164423bdf0d938704f2c331647

Download Submit