d6c7f30577c5164cc3bf5f88e2fd8f04fb14bf0890e8ad0a5c0c908f75caa288

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/03/2025, 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_75071982e5d8c45bd96ad32e3c9da140.pdf
Size

3KB
MD5

75071982e5d8c45bd96ad32e3c9da140
SHA1

dcf196c03c91e83b2837c48a49b2dde0b488706e
SHA256

d6c7f30577c5164cc3bf5f88e2fd8f04fb14bf0890e8ad0a5c0c908f75caa288
SHA512

267a003123baff87046666f333374e98b96975af94ff352a2a03cec5f150a4121b58a7c40aae88cb32394383c20e2eefcbdb74c36fff273f4f81e46323224db8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2132	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2132	AcroRd32.exe
2132	AcroRd32.exe
2132	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_75071982e5d8c45bd96ad32e3c9da140.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
14cb26079075996e6e538c057664ed3b

SHA1
f552413f21ba946350f2a9ecfdcb4509d9123de0

SHA256
4aca6db60e7413ac9ee2a57dd629a6ca898e60c507f47755bfd0db527359862f

SHA512
eb558485cb3e52b6c3871c85e4e6bb5d90f2477efff9cb3c394b0a791c5bb15ca0aad358a01829867e66b4636e09a721ab7e6fc2fe7d46c2d6bc9d9bfbc88156

Download Submit