bbf408302f86f985cdc618f7e3f51c9806a1f21d210995ba9a4cc5080a443c90

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
08-12-2024 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7ba3f6ea0cf886c61070796c0708534_JaffaCakes118.pdf
Size

92KB
MD5

d7ba3f6ea0cf886c61070796c0708534
SHA1

20b62c741670d84c31c6f76666901de56fa4d7ce
SHA256

bbf408302f86f985cdc618f7e3f51c9806a1f21d210995ba9a4cc5080a443c90
SHA512

1d05c2cb13234a41ae73810f3054e3c5d8aae284fbd11da62fa94dc87b4dcf3079ff98021c7d18a85b36144f16ec817c89150bbe8f1d7d80c5ed68c3c251e1f6
SSDEEP

1536:oHrHuRQsTEjOZuwChKxBun4xVyxfn7pqic6/onxNsPXJtLe2IOWGpOKs4XgFQ6EA:4rHuzEq1Fxhkn7zbAxNsPZtL3IXKs4Xk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d7ba3f6ea0cf886c61070796c0708534_JaffaCakes118.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c7c96b59c1446f8d67756bcaa2d2d735

SHA1
6506e173560e00499865450c0eaa3a1e4051e8bb

SHA256
0ca4085e2d6e0c911fdd3600980dfe0f59784cd5aaf438dad4de647092647e00

SHA512
5b3c8d15ebcdf8aafd5010be7586f79bee57bdc67859d13131f0a4398a6b83146987197b5030b9f5aac73956b35a80471640daef24c149919fa31f094d6a763f

Download Submit