46a3737a43840613a7132b5ced66fef61c8626e963f40d01695a85bdc952c4ce

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f07ef6b883e4bf2e69bf430184388bd_JaffaCakes118.pdf
Size

65KB
MD5

9f07ef6b883e4bf2e69bf430184388bd
SHA1

2cf00998c44944beee169b0d250373ca5c06f6c4
SHA256

46a3737a43840613a7132b5ced66fef61c8626e963f40d01695a85bdc952c4ce
SHA512

7aeb92269896e941d6d04ba20623e6dc167df1fa5d74b26ea66acdba64554b0df218bd1553741191c25d28a1c8199b4d43b9291437f7cd5db46921deb762c780
SSDEEP

1536:wWFxV4OXiL6X5u79uFdi+9Y2mNpLhSIAXO7L3ZeRc7GSWOpOaZEWwqZ/:dFxV4OX64dhHUpLhSIAXg3k27GnaZMqF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

AcroRd32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language AcroRd32.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

3028 AcroRd32.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

AcroRd32.exe

pid process

3028 AcroRd32.exe
3028 AcroRd32.exe
3028 AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

pid	process
3028	AcroRd32.exe

pid	process
3028	AcroRd32.exe
3028	AcroRd32.exe
3028	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f07ef6b883e4bf2e69bf430184388bd_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
95fbf0e4b062b1e5a03e5d1896d5353f

SHA1
e0735b3185d5de49961291fa972986eb2e024672

SHA256
9d08fe5d6030ba20023dd9582d7412799edc31dd7ac2f4b1e5ff6be1cffb2291

SHA512
19edd4f79bf445ce70c839c419d36293481d753383f158b83ff7f83a0c47444466c609a8e8eedc349c3b00d961cd85ba09864f4ce7db685b185c62653c14576f

Download Submit