b51ef1ef7b01de180cbb1acc1bdcf0db440d544be944a4f49a9a76b5ce7f3e73

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d771e8b824e78af73c4f4797838a8303_JaffaCakes118.pdf
Size

15KB
MD5

d771e8b824e78af73c4f4797838a8303
SHA1

91e3447136cacfda0babc2e4a9c25ba40d6fc5d4
SHA256

b51ef1ef7b01de180cbb1acc1bdcf0db440d544be944a4f49a9a76b5ce7f3e73
SHA512

a6553e71b4ed7bc60bb463b6a2d6b08bcb1b02c733873989d6e94f293d9818ef686e81d5b3113ea754d288d76885aca9fc60a561cbf92b6d3b3a09e67c97ed98
SSDEEP

384:VzXvNZJMXoz18bdQPxtmo4DTr5tn+FR/BDkjyDgdev3JPBfD1d3zuAFIFRhWhB4k:Vzrxz18pkv4vr/+P/RkjYkePJPJhd3zN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2400	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2400	AcroRd32.exe
2400	AcroRd32.exe
2400	AcroRd32.exe
2400	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d771e8b824e78af73c4f4797838a8303_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
1af2ddd03ec354654840c9dcb1cb7935

SHA1
71d6325519f06e0d06f3a8c297deec02a070f295

SHA256
d5fdd78b19af4a152afc150419e343e531f3cd21622c805d8bc3a3bc712be511

SHA512
ee1cda38866cfe8e15e4ceddc07da0cdeb606c9fd311042035f19ecc6228b3bb483e8575b7d9488914704778bbab16b36d0db8537f0cd853f0f6ae4a904df49c

Download Submit