47cd681bdae2cb5cb2f3ac557fe4b9bbf844d331ff050687ffaeb7928feb6b80

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04e9c1aaada99bc86a57583bb4d4d431_JaffaCakes118.pdf
Size

78KB
MD5

04e9c1aaada99bc86a57583bb4d4d431
SHA1

9452cfc74be34e70996f8c57d2a6269f4fd44d70
SHA256

47cd681bdae2cb5cb2f3ac557fe4b9bbf844d331ff050687ffaeb7928feb6b80
SHA512

63b77b2a67b588bdfda32353ba339b15779a29553cab7f5f13146b555c1e5cfad0d1d12b545a5d30715355a1c8323a65fe412bb44f6ca3f7a3ce045e9e93df11
SSDEEP

1536:J1UdRfauA5MSHh6IjBHrAGJK27BHtfEvWJXtyIQwB5kPvHWepOZtDrj:LKfbA2S9Ve27BNsYtzAIZB

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2488	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2488	AcroRd32.exe
2488	AcroRd32.exe
2488	AcroRd32.exe
2488	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 3168	2488	AcroRd32.exe	89
PID 2488 wrote to memory of 3168	2488	AcroRd32.exe	89
PID 2488 wrote to memory of 3168	2488	AcroRd32.exe	89
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 4952	3168	RdrCEF.exe	93
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94
PID 3168 wrote to memory of 1288	3168	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\04e9c1aaada99bc86a57583bb4d4d431_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3168
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=84AEC28FB407EC384A43A38408DBB00E --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=192B524341E1412D25BDDF0535D68FDA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=192B524341E1412D25BDDF0535D68FDA --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1288
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=57040C87E58185EC133B85E3BAB6FCBF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=57040C87E58185EC133B85E3BAB6FCBF --renderer-client-id=4 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24EC027ED468DE960CC36F274C09E848 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=978303D7D44139C30108E848D4DF48B6 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4632
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=52084EE5F69C0BCA574973BE6C3A9D25 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
338e31e08057138ce1d0da5bf70c8c9c

SHA1
96a26a63e2cb5222408361a2c2c9ed71d8a8c875

SHA256
867c5ffbaa466effbb87b1db7c871a943e1b50d029200527fbf6cd0a68bcfc71

SHA512
d31448bcba29d5dbf065ea6845fddc5a460dba14d520d0059edb613c4ae57d5476bb2ef975d7c9f0a2aa2ff9cdca107147c89e62c49fee291380ea25daef443a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
529cf27929cedfc966f2b83731d7d0a9

SHA1
9b05ee516ab398c588d90077962a12026943c99f

SHA256
a5c3591690ec7086a335613c4e70f9391a323c886dc4e90b1c06a54970df94a7

SHA512
31b72625e8c5c18c4d57419ddb5622ec03e312088c245500db170555f66447cce939ba7b26dacbe256aa75809271040d519aca9751defa71be92032c522f8fec

Download Submit