557d0b9f92f61ba5c45353501660e3abc718803f1cbe7983fbcb7259a84d327d

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/03/2025, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6524291df55d01064fc735804e94ae3f.pdf
Size

16KB
MD5

6524291df55d01064fc735804e94ae3f
SHA1

3a499ae5b736b3d8d4616d229bf61f22a71c70e4
SHA256

557d0b9f92f61ba5c45353501660e3abc718803f1cbe7983fbcb7259a84d327d
SHA512

01baf5700a3b402a1281817ced35212342637181c7b3f954381c5a1e5093653c5d69838422d0aafb6630a6cc950fedb6afa86aa8ec64a41f623109ab91ecdccf
SSDEEP

384:kPV10AVm7EhiRl3+pMbUdxEH6XX5MgT5egMVbaoxgnfWmgTo4dGGY/:zEhiRZ+mIdxBbT5eE1nOr5g

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2168	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2168	AcroRd32.exe
2168	AcroRd32.exe
2168	AcroRd32.exe
2168	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6524291df55d01064fc735804e94ae3f.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
ec2aef08be02ca0233d4c81d7c15079e

SHA1
96d3a9a7420810700efa932636c0afe1dc62259a

SHA256
068a8054875613d0588b76aea519aa77a9bcd648cf87067f8d944342e38290cf

SHA512
36cdb88a565ca29360895af6d74e1a2400acc1c708c30680bb254c773be2ff934d9ca542f095739f9bba34d9cc484133915d7976475f0712fcbc4d2e375ca36b

Download Submit