9568fe8bbc7fa243afdb6d85f9fcb93c80722e3cfa7d14d861ce14c9c585bbda

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf485c588747ea3211cabe3370638c2e_JaffaCakes118.pdf
Size

83KB
MD5

bf485c588747ea3211cabe3370638c2e
SHA1

9c95221f71e8e4060369daf3cf8f2649419cf754
SHA256

9568fe8bbc7fa243afdb6d85f9fcb93c80722e3cfa7d14d861ce14c9c585bbda
SHA512

17b756d9a0a4b44bc770476a4932a0e5a4802753868283298cd0ab8c2b47e31a2a59bd4ca2aca14e1155e011be8ef31fa36cc1bfb4e75fb65cb9839b95cf4163
SSDEEP

1536:UhzZLF+JyymB5MTO3ytSG0euxDtYT5oLC9nW9rtkNNp8BWXpO/Wzd:QRMyFBi6C0G0euxY5oLC9khkSL/k

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
820	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
820	AcroRd32.exe
820	AcroRd32.exe
820	AcroRd32.exe
820	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 4280	820	AcroRd32.exe	88
PID 820 wrote to memory of 4280	820	AcroRd32.exe	88
PID 820 wrote to memory of 4280	820	AcroRd32.exe	88
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 4844	4280	RdrCEF.exe	91
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92
PID 4280 wrote to memory of 3336	4280	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bf485c588747ea3211cabe3370638c2e_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=676BD923EE1D996AA3DEFA94689DAC1A --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4844
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=570905EC77C26757338ABC77B2F4CD3D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=570905EC77C26757338ABC77B2F4CD3D --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3336
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3027C7FE7E1590E83B169E3B8E759B3D --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:644
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EABF6B9982CB4AA300FB0ECC0AA71C51 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EABF6B9982CB4AA300FB0ECC0AA71C51 --renderer-client-id=5 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A9382837A88E969FB20E2CAA5B45AA1 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2176
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=15E715B20447801F7E8A32EEAFAE5F59 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
2b200711eff7828a3a845e6bbbe57bfd

SHA1
bdc3e58001c46acc0ffe81e5f500cb0ebcea1a26

SHA256
213aa21ef975a790441e2435408d21fa256f60bdb37b9a55a7da7cd717b22dbf

SHA512
629fc749b832dbc2591534a1d0cab0bc1c3e12f4b6ffd82103d5fc04bf157986d12dcab439fbf7c5787ac1e3a71c7d7436597c749474bd43fdd1a5ed425789f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fd3d9b962f8b4f440de0f31a67e3db1d

SHA1
fc43fedeed6d55d87cdcb830071028ca39a3ce06

SHA256
7bb4e49b4c1e22b83b7b588c71855f5e2a40a1c2f303e4068731c0ee9cd1ba1d

SHA512
0b837c62864038a5b1a036983a97eb997eebb5737908feccae97e594ed6be92ba3551a96fc29fde2ea9ac550580ad2c9c0f1b8efcf36682ef89cf7e365a2e26e

Download Submit