f9204c7e4c444ac36232ab31412a4ff7d20119efe80baad8cee528429d2214c3

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d798d0e8ea5a8067efea2dd30d3d8b36_JaffaCakes118.pdf
Size

72KB
MD5

d798d0e8ea5a8067efea2dd30d3d8b36
SHA1

d215536b245d073dbe6192ab8badbd0062ae8842
SHA256

f9204c7e4c444ac36232ab31412a4ff7d20119efe80baad8cee528429d2214c3
SHA512

cf5b8bbf67d14b73214f07d61d9d2003efb42813ef39684cb37b22a458e69921532f9fc91604e172c2870a882b3a24727603435cf7c889907490328f45db49b4
SSDEEP

1536:ibt83U6N/wnl72wlEYgiiJoHPENc2yHGaFXWCpOViIWaaGG3wX9QeBzp:Kt83UmMl7NgiievENeVAVi2G3i9QAV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2568	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2568	AcroRd32.exe
2568	AcroRd32.exe
2568	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d798d0e8ea5a8067efea2dd30d3d8b36_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
399ab2b70e62f4ce28a3a2291791f7b2

SHA1
2d1d865f56cc94e913dbd33ff16d295e667897fd

SHA256
04b6f4d9c99bcb404c8c7eaa5e7c2282c4fee10fc01aa3caff92ada87b4b2a76

SHA512
90833cf7884cccb885f4dd9175e0b0555f94747fda0489caad108b912edf0f42b160868ca65ec57febb993ce5e91856e77c9030ae211c8703a2db2a0df66ad5c

Download Submit