a4ac91c0e15f6725222a1c4e3bd98b4e41f9c0b14c8b58f768d2a8673b44de14

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fa0c6cdc97bf2940d080add6fdc2b295.pdf
Size

126KB
MD5

fa0c6cdc97bf2940d080add6fdc2b295
SHA1

a480e1608ad8e6bc755fbcb31e02a463565da56f
SHA256

a4ac91c0e15f6725222a1c4e3bd98b4e41f9c0b14c8b58f768d2a8673b44de14
SHA512

535edb3f887177b93557a0f8eb360efa595c34ac3d164ec9cd200e4df92970217a8904ee62dbf1079a08de565ac53420d39d611010646c841527b6981bc48b57
SSDEEP

3072:O9IzwGYqJiVgk8qm+2Svw6rJfUMPKOBLOhXfCPOEqKAJPZOWx:OttqJiVgn768MLOR204g

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2024	AcroRd32.exe
2024	AcroRd32.exe
2024	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa0c6cdc97bf2940d080add6fdc2b295.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ab1d8b3a368a35ddbec4354a8d2ed836

SHA1
9faf60bc94e5c156c31bbedf3795e1285debbe62

SHA256
8f86ce7abbbe8a0d9b82971e1eb6503393b82a7e6e1db7fe3bb2842ae52e79ee

SHA512
41bcf1b58bc1628de129698dcb2810857b218832412090966202f81c174408c98c66318b82d0d297e369ac6ad03ba8e0e6048a2f7e0b558dc7c1add8d128b74a

Download Submit