497fe955ad621bc73b4b8daae6b0fbce7c967cf7bb5414cee9584ef0f220a137

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91e00161c96f3c5d904a70ecc15cc741_JaffaCakes118.pdf
Size

79KB
MD5

91e00161c96f3c5d904a70ecc15cc741
SHA1

7714aee6fcce8dea1bc4b5af959dacdf8099ab4f
SHA256

497fe955ad621bc73b4b8daae6b0fbce7c967cf7bb5414cee9584ef0f220a137
SHA512

aa190b3eafabd26c5d51d23de972dab5b7db08d44f42525240e8d3ecb9ad09be65505df7169421189f539f0c043c7144b0d517a021a4e3bba215e52a0e572c91
SSDEEP

1536:pizB2JAiXo9uHIFxjEGK3At+RBEgPXHCzwC5stIFvWYpO2+WNj97lPGHAlyGwdqX:AzoS42qG7+/Hl2stIFu239NGHqyGwopF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

AcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid	Process
1948	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid	Process
1948	AcroRd32.exe
1948	AcroRd32.exe
1948	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\91e00161c96f3c5d904a70ecc15cc741_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
a01be908ba3f0d86dc7f87cedd68d063

SHA1
ae32aab947b793874999732a6aa47034383355e0

SHA256
9782d0592aabcb8a20f3262f6488a53a76d70b7c9d2b77c1834dd05748fa54c9

SHA512
f6b06cbdafbb189400aad5d33bc9e6db1241da7a1d2bbd2b26dc445d111ca941ec9ba2972e16da0f637bb3ffc94eb50c0d3a379b095ff98b5b174665f525b55b

Download Submit