e27d9a71f636bec58df05d999d9f1f02653049ea266baef0400f36ec2d9e9575

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11/03/2025, 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_63a8278eafa86f92f871428561192a6c.pdf
Size

1KB
MD5

63a8278eafa86f92f871428561192a6c
SHA1

69fdcec546e8c730853fe376aadffe61e65397d2
SHA256

e27d9a71f636bec58df05d999d9f1f02653049ea266baef0400f36ec2d9e9575
SHA512

a7f2833bb8a5f1dcc3cf4a76cb325f20346730d63b44473800f3c16a8854cfd00b9b8ec2dc63f299973d4bf89af1e6a14a35b0aa09e919d4ee8d6eb1abe98536

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2580	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2580	AcroRd32.exe
2580	AcroRd32.exe
2580	AcroRd32.exe
2580	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_63a8278eafa86f92f871428561192a6c.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
c79e19fdb94aeab29a734c905260b111

SHA1
70790ad2d46a0cce629ee8eba6ed633f4066c44f

SHA256
333b3b967358bde916d4c6c62b4a0e8bd5cc08e2e37cbd72cbce1728a556ec39

SHA512
eb8b57c225e4a1e0ea7c534f8c422d427160ec4c3b279a4fc8a45ad9f75ebfee4cd7ca1429282d28c7b3f6e93d4893526711e9d78e4bc4506f6812208e37bbf6

Download Submit