0fe70d324110b8445cde6e4dd7df981727297cc25dd0d26407213e819e4c36f6

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d77f379b3f788871234b5a13dbb16ec3_JaffaCakes118.pdf
Size

73KB
MD5

d77f379b3f788871234b5a13dbb16ec3
SHA1

b838ff2a640719bb7162dae7da2bf1383624fcca
SHA256

0fe70d324110b8445cde6e4dd7df981727297cc25dd0d26407213e819e4c36f6
SHA512

27b92363ba378fc5b58c07eac83b067704a381fe1af7a1bd1dc88d2ad18b4fcc235d1eb0815cefb4395634599052280a4c02c41dcf94b57c4a90f6a599b1cd49
SSDEEP

1536:PjBlF9bGHZ5T0XFw18LI0IK0INldqm0GrlmoPbpzedgK1Ras:LFI7TcqZ1ILdj5rdzWB1z

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
792	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
792	AcroRd32.exe
792	AcroRd32.exe
792	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d77f379b3f788871234b5a13dbb16ec3_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
067173866c390fdfbcfb5e699ef77f6a

SHA1
8ddf72f106de4f6230a381c2fbe5ae4fa75bf3a0

SHA256
8ee1f3d612c13a08269ab87222fb8d24dd044a4c2706f573f0949f277fa3b829

SHA512
772b73f50caa412720dc4918b95fd8567b53aaf31c4ade6a532e2d8225e2e5e48d40a2dd861913c902b97ceeaa02faeb08b0e148cdae65cdf0d6ff4857c09209

Download Submit