Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 31-10-2024 08:30
Behavioral task: behavioral1
Sample: 8277fb8cd8a28e0d647409daaeb6237f_JaffaCakes118.pdf
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 8277fb8cd8a28e0d647409daaeb6237f_JaffaCakes118.pdf
Resource: win10v2004-20241007-en
General
Target: 8277fb8cd8a28e0d647409daaeb6237f_JaffaCakes118.pdf
Size: 79KB
MD5: 8277fb8cd8a28e0d647409daaeb6237f
SHA1: 33ca949edeb94b0610aaa8f55827d218590c7e9e
SHA256: f560381504813e290aec37789b42aee2cc4bf873adf6ef67d6710278f00e16b4
SHA512: 3ec8f2fb03574c307a7401435ead1409d42383f4fa2803967c0ea3fe9adb39fbfced95f08f32aa4f0bdb5f3de33f1dad98e50d996f363e9a1b6dabe02abcc3e3
SSDEEP: 1536:97utivYaRIexctLTj7E2PSR/4CP5247g3Epxb5R/AbuU+/aNJy:4tLGI33E2S/4Gp5NR/8uU4a2
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | process: AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid: 2996 | process: AcroRd32.exe
Suspicious use of SetWindowsHookEx (3 IoCs)
pid: 2996 | process: AcroRd32.exe
pid: 2996 | process: AcroRd32.exe
pid: 2996 | process: AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8277fb8cd8a28e0d647409daaeb6237f_JaffaCakes118.pdf"
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID: 2996
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 3KB
MD5: 956e6b52d7ef98196539c6364731317e
SHA1: 625c52aa7afa9724d270fce41fde642ea8dd584f
SHA256: 8e101ddb7ee39ba362e3aa7a5583d3c21ff73d6a05fbba7e4907fd39d1f543ce
SHA512: a7a45879561ed1f7701e249b2c394275a2f082a029c09ed33b8049e515b605b507da45eed1073c08c5ce230ebf6d664189d525ff20f52844982504d1a58b88fb