ce0f305e39e1b253f0c26f2b499cdeeb0a91cb8a5cab6531b51764b77ca518eb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf
Size

71KB
MD5

f9fff28cd29bbbff34caa35d43b7020a
SHA1

6dbd739473f18436090042b57033ece917f2abcc
SHA256

ce0f305e39e1b253f0c26f2b499cdeeb0a91cb8a5cab6531b51764b77ca518eb
SHA512

50b17ab39a20aa45cf383dc05246f69889bc32a482394688ce34e0ea6b04a89bfefe3e1689e61933ed014fe757bac9b09951d879dc39adea22fb5ddfa149d2b4
SSDEEP

1536:mkZknanejCdopOmL1nL3t+ripxWxApOGzWNzttF6ReCC:rZ1C8GO8B+ripW3GKF6Q

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2376	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2376	AcroRd32.exe
2376	AcroRd32.exe
2376	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9fff28cd29bbbff34caa35d43b7020a.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
60d6a6933455cd4bd5a3ea795e4d38f4

SHA1
59b1092c5946ab1550d6f698ec033f2ae390c2b5

SHA256
2c876b1f427f81a63fd3d8b7070a75456be8e4b2d336ab2557bbe7a7f792da9a

SHA512
f44ab2be31289ac7a26889e3a7d052ec40b9486f7376712ad80767ec190939e142323a340ded23c802e4a06ae28806556a0e9790e04d401d0eabbfdf96bf1b4b

Download Submit