1cef785c34d8163bb0e3fd659f2eb2bcb34df23093046a60123d1021a566ebe2

Analysis

max time kernel
94s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fa062c7e5060699bf87d80bd412d61ca.pdf
Size

80KB
MD5

fa062c7e5060699bf87d80bd412d61ca
SHA1

7076f19eb04e4a5076385c8e275d7390f8034438
SHA256

1cef785c34d8163bb0e3fd659f2eb2bcb34df23093046a60123d1021a566ebe2
SHA512

f8168c6869160acf8a4fab1633db3d3bc5dd79c944c998e46bbe841de978f164f73e9f43f0301910d10b433d94f5213d3fa56d97e197fe244e9bfed0a7f9e044
SSDEEP

1536:HOpWuQlv4D3bHhx0SVnAxncmW6pOu24jHLmctWc4ml5:upRrhx0SVnicju2mzV4u

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1712	AcroRd32.exe
1712	AcroRd32.exe
1712	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fa062c7e5060699bf87d80bd412d61ca.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
768953eb669225f580cfcd42bd4cbda2

SHA1
4fc7ec175bfcdc67c3962f4b903eb9a96aa46d4a

SHA256
9ecdae09d336c54f4f0143bc2877a37f14725c0e5b05ecb9812e682501031d7a

SHA512
27a46d657ffdb843b3287bef80c31584e1269263f035d2b9620fe78266fed756c5eb8b177aefbfce49ddffb384a1ddccb5da8fcf0c8a448fe327972fd0309c67

Download Submit