71536027d6a101735b395fd404dbdfeb8e306e5f16347ceafcac5ee6c2bdccb8

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01261aa4400d3870b94427187b1534d7_JaffaCakes118.pdf
Size

81KB
MD5

01261aa4400d3870b94427187b1534d7
SHA1

183a35a32b6ff773a57452118059b2ba863e259c
SHA256

71536027d6a101735b395fd404dbdfeb8e306e5f16347ceafcac5ee6c2bdccb8
SHA512

f1e28c3944ab2cabee7d85d4915a862e00b1bf9162bd237f00ed41fa72b5fe6d0e08157d97a050d7d9dd75165a4729ef960d4b329b1613314bbd27051d130860
SSDEEP

1536:pXwMpX1e976JS9TNBjcYk6E+WkEj0TWCpOVi6Zxm7hWIPUz6ld5w4:l3psQOTNBjcYBZEVi6ZI7XSmh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3308	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3308	AcroRd32.exe
3308	AcroRd32.exe
3308	AcroRd32.exe
3308	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 4420	3308	AcroRd32.exe	87
PID 3308 wrote to memory of 4420	3308	AcroRd32.exe	87
PID 3308 wrote to memory of 4420	3308	AcroRd32.exe	87
PID 3308 wrote to memory of 492	3308	AcroRd32.exe	91
PID 3308 wrote to memory of 492	3308	AcroRd32.exe	91
PID 3308 wrote to memory of 492	3308	AcroRd32.exe	91
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 3776	4420	RdrCEF.exe	92
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1128	4420	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\01261aa4400d3870b94427187b1534d7_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4FB1BA5B07750887F632D8791D6DCA15 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3776
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=30B1F3C97C16E3A6CB9025DB6C11CA8D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=30B1F3C97C16E3A6CB9025DB6C11CA8D --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C45F3AD3981785CF716F7ABC1AE8C90 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4652
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A8F2ACBBF853912E43385434DB43F414 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A8F2ACBBF853912E43385434DB43F414 --renderer-client-id=5 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1CFB33F872F2483CCB50BBD3F99F8070 --mojo-platform-channel-handle=2648 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E282118570B21BA316EB55EF1A55BA2D --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1592
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
eab4e1cf94df146a72afe7ab77e5b3cd

SHA1
b42cd65f3f4c2507a62a47139e0429a3e15c65e7

SHA256
cbd51b53b5863ed039a287975db78acce9600e835b0975bab52ae1d4ffdbb1b7

SHA512
482f8eadc4ff8a8aa42e84ad18b1a089b0a8b6daf0acce5bf4c2efa6504bf7b3656e24dbf5adacfe59d678e613aab9a0211c7157c4835f0c42db13f647eb63ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9dbbe26a6d5f6b7027f2fc2b0a50c847

SHA1
8a467740cac1068065776f5abc5bd88c7734d64f

SHA256
5609e51b9e4fc36f178f3f74ed3ba4a9c7e25f6a64b796398ecbfadf1c14916f

SHA512
6975938ab336ff6b0ec961c49c0f7ee61ccc4a95c215b90382c4bac5be53ee84c3514cdf370d8b9fbf23600c8f6f724407f8ff1b4b4203d35a3fe073c1372e76

Download Submit