4428e1122bdb68f5486f8e2662901bc4a348eb7cee23f09d5506537065befb3f

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec0e5a75fd43a9790c5a7533216c975_JaffaCakes118.pdf
Size

45KB
MD5

bec0e5a75fd43a9790c5a7533216c975
SHA1

02f7878df727e5beec663f1b3f9d8fc0dca9887c
SHA256

4428e1122bdb68f5486f8e2662901bc4a348eb7cee23f09d5506537065befb3f
SHA512

d91278fdf4fa6fa71ae49b2279a16dd9416c06281a5c0677fa210b6ab767be8f6c1ade6c8a94d583d7bde07bb0e8cf82a7904e955e22ddafae5fb2a1154565ba
SSDEEP

768:l4IQSE6vrC/GzkuHAW1mqIH+NVpomv1i7wahnsjDAcBJ0WJE:l4IlE8PHdNIH+NjvA1hsTLE

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1364	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1364	AcroRd32.exe
1364	AcroRd32.exe
1364	AcroRd32.exe
1364	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3544	1364	AcroRd32.exe	93
PID 1364 wrote to memory of 3544	1364	AcroRd32.exe	93
PID 1364 wrote to memory of 3544	1364	AcroRd32.exe	93
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 1048	3544	RdrCEF.exe	94
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95
PID 3544 wrote to memory of 4596	3544	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bec0e5a75fd43a9790c5a7533216c975_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4DCC8B9041EB6816D60813398B89E0C --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A11A1086993A64D809D19611C3F4A975 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A11A1086993A64D809D19611C3F4A975 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4596
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C9543AD2EC9281F43C31FC8D4C1E76E --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DCEB1147670C73D82A95CACC62BAD50B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DCEB1147670C73D82A95CACC62BAD50B --renderer-client-id=5 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CEE36C8D1E76F70984D3B36508C91B53 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=56E25850965EC452B1A59E183A5E73DC --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a16768085d6ab3c24aa5aed3ab392c66

SHA1
a3065dfca2b5d08fe23dad0e6ed5ae6b881f6690

SHA256
e87148ffdb9767ae65091488201119ae81a7a96bfe709ad999ca300f1f2ea735

SHA512
f2e0401afb5bb0ae802db16971c60dd17f4fc31e8ef4f12a045d700855ccbc81f1562a6971a30dccbd66369b2aced37c93f3f5f0d1ff2a78fd0a6d72a44e6f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c2dbec20e3cbb0eedb09c39723078e38

SHA1
faafa12fcedc500adb899e5b4998357f77fd9963

SHA256
0efe4553ca88580e77fe244ec3bec517589a063db6d8ec1c8c25d9f9af43aa22

SHA512
6554897004fc2300faa3aa503faf857ab6fca7a9ccf4dc10526fa783e188004bc82c0b91e2daa7c29c1f4f71fb3f60b443a88eb163630f432636d3ce01c9bbdd

Download Submit
memory/1364-30-0x000000000A320000-0x000000000A341000-memory.dmp

Filesize
132KB

Download