bed2e9c6dd2820f87e73dcf6a7b5970d07a7a25f6b10f5418abf84e25a4e4996

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bddb30f2132a7231d969e358ca90c8a1_JaffaCakes118.pdf
Size

71KB
MD5

bddb30f2132a7231d969e358ca90c8a1
SHA1

41c5859e047c742b34e960c3a147a57c673a9982
SHA256

bed2e9c6dd2820f87e73dcf6a7b5970d07a7a25f6b10f5418abf84e25a4e4996
SHA512

06c3c22af99b2fdaa6793e985622e02fc2ef128f91ab729315091c2b6fb8dd6a14eca41240eee1ac6a35cf2fba0b741223967dc3ed1933f4a984d9eea03fe676
SSDEEP

1536:YctFB2Ca+6umlJdt48EKMghMtwIU9WNYWIqSWKTfWQpOCg0qlTFpt:dFtPmlJdu/7gEwIa8TSjTqCgvp

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1340	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 4420	1340	AcroRd32.exe	90
PID 1340 wrote to memory of 4420	1340	AcroRd32.exe	90
PID 1340 wrote to memory of 4420	1340	AcroRd32.exe	90
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 4668	4420	RdrCEF.exe	93
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94
PID 4420 wrote to memory of 1400	4420	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bddb30f2132a7231d969e358ca90c8a1_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4420
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=73A9D7F0DED49A6CF2E64FF61794812C --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=07F7C853C007AB93595D7C6CCBE731C9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=07F7C853C007AB93595D7C6CCBE731C9 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1400
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4E049FF367253AB542C32D71BB9BC150 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B44D37942EEBE0EF4425C201BCBD63E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B44D37942EEBE0EF4425C201BCBD63E --renderer-client-id=5 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEDF39276B0079388B8DEA77C89B3120 --mojo-platform-channel-handle=2520 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2740
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A0FE26E163C956B8C2D028869F070AFE --mojo-platform-channel-handle=2372 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
15dc3cde6d92897d9ac0bbb90e565a57

SHA1
32fdb9b7c0e723ef320784a2f353576aa738d71e

SHA256
b3688aa545c50962f135c3a6d49a056db86d2bf6f95ae71d34aae84a79e6034e

SHA512
be0ddff523c590ce8fda7fcb6957bc6714aba76ddc239bef332b51d773ed1183a7ce165ba6dd08bf983eef982b1e163e746dacbee6622e2515b15687d770b3f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8756610c3d417d0ad25600eca8c68f27

SHA1
133c87c4021132dd0a1627f1740113fe3b51c4b7

SHA256
422120b03b0e1215addfb1b2dc8173b3d5feb45799cd45b810b318a05134fb47

SHA512
0199a2254e7741f9d0bea49312f0b572e849bad9db45de56760f1d4960467dcf13ece3d2522cf9980e51a40f87026075ef11c111e08cd25fd85de6df7bebb092

Download Submit