70a900b630b7c6b8beb5f326acaa74fe9ac4a96bc81ad0e863ddca77a29e22f6

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f94e32af966bc8f44f9c14c8c809fed_JaffaCakes118.pdf
Size

100KB
MD5

1f94e32af966bc8f44f9c14c8c809fed
SHA1

559623a14b8d343ef6e32e98f4a7041ab90f5fb2
SHA256

70a900b630b7c6b8beb5f326acaa74fe9ac4a96bc81ad0e863ddca77a29e22f6
SHA512

11741f6b7ece4ba62980116c867ba0aff5e56c51d97346f3184749f6af81c3d24a1183532539372dbcd5eaaa10ceca54cbe7f4df9620e4af0d92c12f2cd05efb
SSDEEP

3072:f5JPGDsAzSUPb7CNTTdIrGFJaZNqxd2rTLA:h5O/GUX0TTdIrsEU

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3400	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3400	AcroRd32.exe
3400	AcroRd32.exe
3400	AcroRd32.exe
3400	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 4428	3400	AcroRd32.exe	90
PID 3400 wrote to memory of 4428	3400	AcroRd32.exe	90
PID 3400 wrote to memory of 4428	3400	AcroRd32.exe	90
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4820	4428	RdrCEF.exe	93
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94
PID 4428 wrote to memory of 4424	4428	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1f94e32af966bc8f44f9c14c8c809fed_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A4E8E129E395CCE0801180420D58C2A --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4820
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DC993D6D6340561AC3FE088F92C51EC6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DC993D6D6340561AC3FE088F92C51EC6 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0F6D2E4ECDC6008D7FE293874826AB5 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C52A1BD5C057A4FB610510DA316913C4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C52A1BD5C057A4FB610510DA316913C4 --renderer-client-id=5 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF217403F354520FC6AC6F2D7F36829D --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BB8B8D4973827F18A22F2DA9391001AD --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d8dbe7d717ed2f91d506b2e80fd4f330

SHA1
3ade4b428b2c466b51b0f97bbc66180474695abc

SHA256
f4ec8a709616b31b0efada1c498209b5fedaa98b4b4d3e5f08ad607d5573b68f

SHA512
0ef4b2a1f2f6e4fe20989ecd06509c2e44cbf3e0c2a3ef1163269104dfe72af63acaf8fb0dbf152518b2163ba5d282bacd124ff0dee1319b7b50a079dad739e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
97f83c851de25cf26a9ec6d89938c19d

SHA1
d742b63e446ae4d141573a483472fa965d444713

SHA256
c116ea7bb89de1100d1df4b29c74e36f41ad627416c491e706ae714ddf065271

SHA512
24bbce6fc7f3c9b0b16250d9e611d0daf300a75f6e3ab59d7a95eb8ee22ab1cd5a63d2bf30a0101b332757233c741e695176f18e265a680aa88e3dfac2c18cba

Download Submit