Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/03/2024, 18:55 UTC

General

  • Target

    0d72a4cacf2e4dda121d6841090c83a8_JaffaCakes118.pdf

  • Size

    86KB

  • MD5

    0d72a4cacf2e4dda121d6841090c83a8

  • SHA1

    4c4a4759f8b47a588c8aa2272a17425e7c495bbd

  • SHA256

    89ceb34b5d18b79e714a4df91d8c5bee21949beed75aa511f32e9f0c2bd0842b

  • SHA512

    9e6a61c8df78e8a97c173c2c752eb40970be78ad8bb14c9dd7c5963f7581502b9507bc361872775854de8c6de96e1c5312ceeaac903a60f562d79ac010a8c72f

  • SSDEEP

    1536:YwZUdjhGWAKrS07yOyjaolumS46U9u6I8AjvC1al+bgNDW6pOu26WI9e3uDU+y:/MY59jS746U9PAJobcIu2we3Uo

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run the only process that triggers the check is AcroRd32.exe itself (see the process tree below). The same holds for the process-enumeration, SetWindowsHookEx and WriteProcessMemory signatures, which are expected from a GUI application that spawns its own helper processes. None of them is, on its own, evidence that the PDF did anything beyond being opened; the 1/10 score reflects that.

  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (20 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d72a4cacf2e4dda121d6841090c83a8_JaffaCakes118.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3684
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:860
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9BC4DD08F2754D0DEB8F31A34C3376D8 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:592
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=315AF959D961E4C946F002A3C90AEEC3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=315AF959D961E4C946F002A3C90AEEC3 --renderer-client-id=2 
--mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1924
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BDDF26E843859CD57C0FB9BCECE8BFBD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BDDF26E843859CD57C0FB9BCECE8BFBD --renderer-client-id=4 
--mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:828
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7A18F3CABBE9C4D37B329E97D0AF57EF --mojo-platform-channel-handle=2696 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:1212
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=900813C695B5FE81BBB9D6C7F71DA2F5 --mojo-platform-channel-handle=2864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4064
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=928D09B3C1D872419C11912F851DCEE1 --mojo-platform-channel-handle=2880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:672

              Network

              All DNS traffic in this run is reverse (PTR) lookups sent to 8.8.8.8:53 (US). Hostnames in the answers are written with their label separators restored.

              • DNS 104.219.191.52.in-addr.arpa via 8.8.8.8:53
                Request: 104.219.191.52.in-addr.arpa IN PTR
                Response: (none)
              • DNS 42.56.20.217.in-addr.arpa via 8.8.8.8:53
                Request: 42.56.20.217.in-addr.arpa IN PTR
                Response: (none)
              • DNS 67.31.126.40.in-addr.arpa via 8.8.8.8:53
                Request: 67.31.126.40.in-addr.arpa IN PTR
                Response: (none)
              • DNS 241.150.49.20.in-addr.arpa via 8.8.8.8:53
                Request: 241.150.49.20.in-addr.arpa IN PTR
                Response: (none)
              • DNS 172.176.78.104.in-addr.arpa via 8.8.8.8:53
                Request: 172.176.78.104.in-addr.arpa IN PTR
                Response: 172.176.78.104.in-addr.arpa IN PTR a104-78-176-172.deploy.static.akamaitechnologies.com
              • DNS 107.117.19.2.in-addr.arpa via 8.8.8.8:53
                Request: 107.117.19.2.in-addr.arpa IN PTR
                Response: 107.117.19.2.in-addr.arpa IN PTR a2-19-117-107.deploy.static.akamaitechnologies.com
              • DNS 157.123.68.40.in-addr.arpa via 8.8.8.8:53
                Request: 157.123.68.40.in-addr.arpa IN PTR
                Response: (none)
              • DNS 198.187.3.20.in-addr.arpa via 8.8.8.8:53
                Request: 198.187.3.20.in-addr.arpa IN PTR
                Response: (none)
              • DNS 0.205.248.87.in-addr.arpa via 8.8.8.8:53
                Request: 0.205.248.87.in-addr.arpa IN PTR
                Response: 0.205.248.87.in-addr.arpa IN PTR https-87-248-205-0.lgw.llnw.net
              • DNS 200.131.50.23.in-addr.arpa via 8.8.8.8:53
                Request: 200.131.50.23.in-addr.arpa IN PTR
                Response: 200.131.50.23.in-addr.arpa IN PTR a23-50-131-200.deploy.static.akamaitechnologies.com
              • DNS 200.131.50.23.in-addr.arpa via 8.8.8.8:53 (repeated query)
                Request: 200.131.50.23.in-addr.arpa IN PTR
                Response: (none recorded)
              • DNS 34.56.20.217.in-addr.arpa via 8.8.8.8:53
                Request: 34.56.20.217.in-addr.arpa IN PTR
                Response: (none)
              • DNS 2.173.189.20.in-addr.arpa via 8.8.8.8:53
                Request: 2.173.189.20.in-addr.arpa IN PTR
                Response: (none)

              No HTTP requests were recorded.
              Traffic summary (Sent/Received are bytes on the wire; Req/Resp are the number of DNS requests and responses per name):

              Remote address   Query                          Proto   Sent    Received   Req   Resp
              8.8.8.8:53       104.219.191.52.in-addr.arpa    dns     73 B    147 B      1     1
              8.8.8.8:53       42.56.20.217.in-addr.arpa      dns     71 B    131 B      1     1
              8.8.8.8:53       67.31.126.40.in-addr.arpa      dns     71 B    157 B      1     1
              8.8.8.8:53       241.150.49.20.in-addr.arpa     dns     72 B    158 B      1     1
              8.8.8.8:53       172.176.78.104.in-addr.arpa    dns     73 B    139 B      1     1
              8.8.8.8:53       107.117.19.2.in-addr.arpa      dns     71 B    135 B      1     1
              8.8.8.8:53       157.123.68.40.in-addr.arpa     dns     72 B    146 B      1     1
              8.8.8.8:53       198.187.3.20.in-addr.arpa      dns     71 B    157 B      1     1
              8.8.8.8:53       0.205.248.87.in-addr.arpa      dns     71 B    116 B      1     1
              8.8.8.8:53       200.131.50.23.in-addr.arpa     dns     144 B   137 B      2     1
              8.8.8.8:53       34.56.20.217.in-addr.arpa      dns     71 B    131 B      1     1
              8.8.8.8:53       2.173.189.20.in-addr.arpa      dns     71 B    157 B      1     1
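              The Network section records only reverse (PTR) lookups, so the addresses the guest resolved appear as in-addr.arpa names rather than dotted IPs. The Python below is an added example, not part of the tria.ge report or its tooling: it inverts those names back into addresses (and handles ip6.arpa names too, which this report does not contain) and pairs each address with the PTR answer, if any. PTR_LOG is constructed from the DNS entries above, with the label separators the page rendering dropped restored; the function names are my own.

```python
"""Recover the IP addresses behind the PTR lookups in a sandbox report.

Sandbox reports often log reverse-DNS queries as in-addr.arpa / ip6.arpa
names, so the report never shows the dotted IP the guest actually contacted.
This helper inverts the names and pairs them with the PTR answer returned.
"""
import ipaddress

# Constructed from the DNS section of the report above (hostnames written
# with their label separators restored).  Unanswered queries are None.
PTR_LOG = [
    ("104.219.191.52.in-addr.arpa", None),
    ("42.56.20.217.in-addr.arpa", None),
    ("67.31.126.40.in-addr.arpa", None),
    ("241.150.49.20.in-addr.arpa", None),
    ("172.176.78.104.in-addr.arpa", "a104-78-176-172.deploy.static.akamaitechnologies.com"),
    ("107.117.19.2.in-addr.arpa", "a2-19-117-107.deploy.static.akamaitechnologies.com"),
    ("157.123.68.40.in-addr.arpa", None),
    ("198.187.3.20.in-addr.arpa", None),
    ("0.205.248.87.in-addr.arpa", "https-87-248-205-0.lgw.llnw.net"),
    ("200.131.50.23.in-addr.arpa", "a23-50-131-200.deploy.static.akamaitechnologies.com"),
    ("200.131.50.23.in-addr.arpa", None),   # repeated query, no answer recorded
    ("34.56.20.217.in-addr.arpa", None),
    ("2.173.189.20.in-addr.arpa", None),
]


def ptr_to_ip(name: str) -> str:
    """Turn a reverse-DNS name back into the IP address it describes.

    Handles IPv4 (in-addr.arpa, 4 octet labels) and IPv6 (ip6.arpa,
    32 nibble labels).  Anything else raises ValueError, so a malformed
    name in a log does not silently pass through as an address.
    """
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        octets = reversed(labels[:-2])
        # IPv4Address validates each octet (rejects non-digits and >255).
        return str(ipaddress.IPv4Address(".".join(octets)))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        nibbles = "".join(reversed(labels[:-2]))
        groups = [nibbles[i:i + 4] for i in range(0, 32, 4)]
        # IPv6Address validates the hex and produces the compressed form.
        return str(ipaddress.IPv6Address(":".join(groups)))
    raise ValueError(f"not a reverse-DNS name: {name!r}")


def summarize(log) -> dict:
    """Map each looked-up IP to its PTR answer (None if never answered).

    A repeated query keeps the first non-empty answer, so a retry that
    went unanswered does not erase an earlier successful response.
    """
    result = {}
    for qname, answer in log:
        ip = ptr_to_ip(qname)
        if ip not in result or (result[ip] is None and answer is not None):
            result[ip] = answer
    return result


def unresolved(summary: dict) -> list:
    """IPs with no PTR record; these need an ASN/WHOIS lookup instead."""
    return sorted((ip for ip, host in summary.items() if host is None),
                  key=ipaddress.ip_address)


if __name__ == "__main__":
    for ip, host in summarize(PTR_LOG).items():
        print(f"{ip:<16} {host or '(no PTR)'}")
```

              Of the twelve distinct addresses, eight return no PTR record and need an ASN or WHOIS lookup to attribute. The four that do answer are Akamai and Limelight CDN edges, which is what Reader's own update and messaging fetches look like; the report records no HTTP transactions, so it cannot show whether the document itself caused any of this traffic.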

              MITRE ATT&CK Enterprise v15


              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                64KB

                MD5

                79d4c134f3722c186661964eb38431f6

                SHA1

                d5792442aba6a8878a71bcf8c485cc209f5a60cb

                SHA256

                a3201d22fae929a74ea4063c143888dea2e0fdd009f6f9bc135358a27b0af54c

                SHA512

                a9569836a5fdf04ac44f4df89b9427e3676be2fd888d3fb62f22f6a1359500fe963db022c8371acf20a8f567750565dc88e5633f9d51f2a425cc5767a0c121a9

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                36KB

                MD5

                b30d3becc8731792523d599d949e63f5

                SHA1

                19350257e42d7aee17fb3bf139a9d3adb330fad4

                SHA256

                b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                SHA512

                523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                Filesize

                56KB

                MD5

                752a1f26b18748311b691c7d8fc20633

                SHA1

                c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                SHA256

                111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                SHA512

                a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

              • memory/3684-28-0x000000000A880000-0x000000000A8A1000-memory.dmp

                Filesize

                132KB
