Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
20-01-2025 09:21
Behavioral task
behavioral1
Sample
JaffaCakes118_e2d2980ea7d69703062cc82361e29509.pdf
Resource
win7-20240903-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
JaffaCakes118_e2d2980ea7d69703062cc82361e29509.pdf
Resource
win10v2004-20241007-en
7 signatures
150 seconds
General
-
Target
JaffaCakes118_e2d2980ea7d69703062cc82361e29509.pdf
-
Size
3KB
-
MD5
e2d2980ea7d69703062cc82361e29509
-
SHA1
91eb788d94aa6e108772b0439a4eb3a1bcdf88ce
-
SHA256
2a4c15640a36205b995f442220f35fc0fe1a619b716ae599031d7cba2a445afd
-
SHA512
cb1dd9718f0f4a5d7b3022b7d4afc46e1689b55b305f700a7b85fa876613376273a22cf854b2ea38ff2ca0ae5313abc4eb678c98e0e03477c8f24650a41d169c
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid | Process
2400 | AcroRd32.exe
2400 | AcroRd32.exe
2400 | AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2d2980ea7d69703062cc82361e29509.pdf"
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2400