4ab0d89806b1670672b367abef424acdc6b3836f66e387854dfa9e33ed21886c

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c65c8e321ac2cecb318859f16c6b2e9f_JaffaCakes118.pdf
Size

33KB
MD5

c65c8e321ac2cecb318859f16c6b2e9f
SHA1

1364cd5f3d06128882c7df7ed2dd4ce9dc81b992
SHA256

4ab0d89806b1670672b367abef424acdc6b3836f66e387854dfa9e33ed21886c
SHA512

84dda4ca85ce940bd8db8e9bdee5e0f153de8a3807bd98a912f24271a4fa2c9c09e52e4728f965a04eb8b87dc425c2ad20ad3eba6e7a36954ce96f641ab8c6c6
SSDEEP

768:eH9tVSLvezLBiO6pTEDQAv/cq3X5+lHsHDUSwAs9ptduWTAk7J/rcJjaDxJ:eH9tVSLGzLBiOoTEDQAv/cq3X4lUUSSz

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2236	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2236	AcroRd32.exe
2236	AcroRd32.exe
2236	AcroRd32.exe
2236	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 4116	2236	AcroRd32.exe	91
PID 2236 wrote to memory of 4116	2236	AcroRd32.exe	91
PID 2236 wrote to memory of 4116	2236	AcroRd32.exe	91
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 1728	4116	RdrCEF.exe	92
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93
PID 4116 wrote to memory of 2504	4116	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c65c8e321ac2cecb318859f16c6b2e9f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=01DFF865043C6EF1CFEB8AC898EFE06B --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1780410B83568868E5EF12BF5078451A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1780410B83568868E5EF12BF5078451A --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2504
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1FDBFF02F2066842D5C1E6893532B003 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6D0ACBA5C866054DD384E15F264B98A0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6D0ACBA5C866054DD384E15F264B98A0 --renderer-client-id=5 --mojo-platform-channel-handle=1872 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1120
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E8DC537844DBF4101FF27EBE2E7C644 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:620
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F1BC47C34075101C50FACF74998C1672 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d5ca916833a421c7914616b16a0314a6

SHA1
7f1dee0d1fe3b68c1b6c272733fe7940620ef52a

SHA256
ef2950c972eb64ee331c622e1cce3f8254fafe465b368436aa2cd6e7769c5089

SHA512
faa3ff982c2524df253f0821c2f08c8a3f529042d3326ea44b32535c2a613ff1fda1482a78d06e2ae78ea76f9170dd3b0322504916a0a5bee19567011841627f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fb9e275b384ee8907f65a3017ba0e635

SHA1
d2145407f381f950dcdda7b571e25c1f97bff27e

SHA256
2e1d95819af4d12dc0a68fe3abb3f79614c5159c0c7bafa43fc400648e297719

SHA512
6fdf9b8f30f198dc730a2f60b71fca00fd6828d402d4adf1e7ca3aa72959e74784cba184aa62843b265e855679e827660ecb732dbb9337fd0c7f9acfde6fb950

Download Submit
memory/2236-30-0x0000000009CC0000-0x0000000009CE1000-memory.dmp

Filesize
132KB

Download