Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 24-11-2024 01:49
Behavioral task: behavioral1
- Sample: 91e2ec74cb5084a273ef462fc4e2a1a3_JaffaCakes118.pdf
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 91e2ec74cb5084a273ef462fc4e2a1a3_JaffaCakes118.pdf
- Resource: win10v2004-20241007-en
General
- Target: 91e2ec74cb5084a273ef462fc4e2a1a3_JaffaCakes118.pdf
- Size: 78KB
- MD5: 91e2ec74cb5084a273ef462fc4e2a1a3
- SHA1: 89fa095f631a3b74ee1260f5ab89cae94469d5bb
- SHA256: 7f68e19f203c13f5353af1b41775d1de54ab37b5c03426418eb4f02254df52d4
- SHA512: 64984f608cdaa062c5dbfdca5d9f61509f42fa7168af1ba4e0ddffb13e09c58edd29d0b5b26e251684585e3d5c654e7390d701a2106bff7dd04029711fbfcce0
- SSDEEP: 1536:BDMFpeVb5XEgHrArok6zrzWRtba57WnImlW6pOu26WCrrFX2u/Me:NIY3XVMrozTWRtba5fHu2Umud
Malware Config
(none)
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: AcroRd32.exe
- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid: 1728 | Process: AcroRd32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 1728 | Process: AcroRd32.exe
  pid: 1728 | Process: AcroRd32.exe
  pid: 1728 | Process: AcroRd32.exe
Processes
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\91e2ec74cb5084a273ef462fc4e2a1a3_JaffaCakes118.pdf"
  PID: 1728
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: a0a2de854e83dec48cefa552f982ed35
  SHA1: 62366b36b0a5af38ef325aaf395521e713fd0970
  SHA256: cf28ac2b5f542226e899240beebf906416d4f902aca8e2564a25686d381ceaa9
  SHA512: 62e85ebda8ceaa474b69436b4b9b269b963c5f6468e2b8d115257c9f0cc2a4ac45f97e0ab0889c20ae5a8251376e6bc4f66d68f147029eaf88d328996d63d480