93a9cc2116260fb3eed6d4d4803a0809a385d92eb246faedaa48c1a93b314600

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d789845cf8dad9bcf0830109545573f4_JaffaCakes118.pdf
Size

87KB
MD5

d789845cf8dad9bcf0830109545573f4
SHA1

6bb262df2b784dd5a2b207e76853a596be442c03
SHA256

93a9cc2116260fb3eed6d4d4803a0809a385d92eb246faedaa48c1a93b314600
SHA512

eb3948a6e05f7358a6eafbabfdfc18b3af99f514ba3539c1291cb763c7bcfa0c61966250c69c9f069b1b0bfbb99be2232b206254db5eed42be944882ce85d199
SSDEEP

1536:pC31BHgMrle3U1DJEjh16Tt5l8i9aTLhNG4WIpgUET79lWwF8YJByYsPkhzKWwpx:Al+MgUBJJtoi9aTLh2PT7z5JBnscF9SR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1504	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1504	AcroRd32.exe
1504	AcroRd32.exe
1504	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d789845cf8dad9bcf0830109545573f4_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
b68e45169021ce43f9223760199383c6

SHA1
a53b174be242c9fe29cd11d10bbfdedefd3f0d6c

SHA256
881407545e183d0e27f70419e37ee5b948497a0bb30942b45b0d9eeb39332c0d

SHA512
d2cb4a8e35528cfdeb7a7d055fb57099c0fa4094337ff16333ab24355abbebc7acede2af8bb6895f6e99403acce59fde81f0e88b3e84f9a5d3aea12ee8032ba8

Download Submit