0893f197a008043526e2cb659645161af6ddeb3e29d733a1161ac631b4ae858f

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c68f677a7eb6b83d687d98e2fa04094f_JaffaCakes118.pdf
Size

42KB
MD5

c68f677a7eb6b83d687d98e2fa04094f
SHA1

f5014960a21d09b5218f53aa8000ed90f86c5a21
SHA256

0893f197a008043526e2cb659645161af6ddeb3e29d733a1161ac631b4ae858f
SHA512

f964603d3edb0b41ce09c3f03347834346b1ff71fc3034a638758a1f16e56eb5fde5e901725db891161e1468f842b009b5d87922a074fb9e4c10be6190c501c0
SSDEEP

768:8RR3eydpBuJSFDts/TvsHt9C0YBGPVcMzhQBzQjNs5w1t:81BV+Qt9CPkVcSymj6et

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4164	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4164	AcroRd32.exe
4164	AcroRd32.exe
4164	AcroRd32.exe
4164	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2476	4164	AcroRd32.exe	93
PID 4164 wrote to memory of 2476	4164	AcroRd32.exe	93
PID 4164 wrote to memory of 2476	4164	AcroRd32.exe	93
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 1192	2476	RdrCEF.exe	94
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95
PID 2476 wrote to memory of 2612	2476	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\c68f677a7eb6b83d687d98e2fa04094f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9BFC4679EA7E7EE57D1D096E3FAF619F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9BFC4679EA7E7EE57D1D096E3FAF619F --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9B4315814597BFAB7767F31C7CF0A0BB --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=334131B554212A2B6F3CE82EAF253411 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=334131B554212A2B6F3CE82EAF253411 --renderer-client-id=4 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6BD7479B6EF99E5437E9EDC5A0159CB --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C1072EE22426EAA0B1999DF9B4A61BBF --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4667FFFB6E28885026AA34DB7E5FA456 --mojo-platform-channel-handle=2840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
16656743f0f807e438bcd645c40d5b17

SHA1
a62c1018c3f6b99395a591d58d238e08f061d09e

SHA256
c7a5cbcbcd89e27c98993d2937fd74b362083b5ca5640861878e4a4655f371a8

SHA512
5ea29b35de9f7c59642e2db096c7bf0280398e7d66f60489220066ce0cb8489ff2b2c718b6fb2c076c20c7bc2ce803a728d85ccf0763894d706fef973538f349

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7c1572bf2ba29c4aaf08a99d8cb2bc8f

SHA1
af3ca521a1f330e71bc510c34f9d3bdda04566e5

SHA256
69d4288d3c50c51eabdceac1177613cc25451c3fea21b17bfcf235a404574bd9

SHA512
eecb79773a6a4467b8fe2dbb3656b795a4547b138bc9b4b0d33f98167b583d9ac2ba58c14fe48c5dc27f940f9f0de9550eef88f7d1a49967f7878a021bb00b14

Download Submit
memory/4164-30-0x000000000A650000-0x000000000A671000-memory.dmp

Filesize
132KB

Download