e57da090fbcaab64be3a158199f1d8623260fac9a859114548a6d23bd52ea394

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc152bd978a88b5d8fce824ce89b0a7f_JaffaCakes118.pdf
Size

73KB
MD5

cc152bd978a88b5d8fce824ce89b0a7f
SHA1

b83a82266fd645ade186e36ce6b8435ce75f3f5e
SHA256

e57da090fbcaab64be3a158199f1d8623260fac9a859114548a6d23bd52ea394
SHA512

725ddaf0471a5ceef34ac84a4e34219e957ab8cd3c78a2bf316effbb68de0955b8126ed2bc7a48be1bd98f44479ec34f63640f37e7ed6961e98902e79016d258
SSDEEP

1536:w4hWyICtxb8Yd7t2DAeCEDwzH/qdI+yRWvIJqiWGeIWUpO7WrS:zkyI2d8c2hh0zH/0y4IJrer7r

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1056	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1056	AcroRd32.exe
1056	AcroRd32.exe
1056	AcroRd32.exe
1056	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 5096	1056	AcroRd32.exe	91
PID 1056 wrote to memory of 5096	1056	AcroRd32.exe	91
PID 1056 wrote to memory of 5096	1056	AcroRd32.exe	91
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 3424	5096	RdrCEF.exe	93
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94
PID 5096 wrote to memory of 4852	5096	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\cc152bd978a88b5d8fce824ce89b0a7f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AFFC28E9D0B713EBD14A9CD9F9EAFDD6 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BF6BFFEEA7B916E8D0C176DD465FDD99 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BF6BFFEEA7B916E8D0C176DD465FDD99 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CB0FA1E676235AD19ADAB3A6FFC43AD9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CB0FA1E676235AD19ADAB3A6FFC43AD9 --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=72973471FA3BE92E23316217DF3881D3 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E5245AE1CF75DD9EDFC0EBAA37AC1CE2 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7BC0AEDAE5B81666185DDBFBFA03C97E --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1011af6a0eecea38ffa4021ff04597d5

SHA1
ef5ffbb769d7469ff41aeedae0dac3dc2a3658aa

SHA256
fe3d65b4ccc6c61bb66a283c48fea08f13c53631789bd86b38650cb012aae4e4

SHA512
33975d231187b67d36401d836137d60cb62224435f6fa63d01b171bfb036d6ac140d7af03b7044f20020af6397aac0fd74b132b84ea568425a7034dc3a7f5184

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5810d3c77f86ecd6ae3669ba29b85b6b

SHA1
dca8a6d9e89234b176be2e8afe130f35e41a3995

SHA256
46ce642cf06a4a7485b3c7c8b25bef2fa0c72e8b6f6bca3b21817ca44406fd2b

SHA512
1cdbedfa4d36e1323f7053c213448e5458c19fcef9d5ded68e3b97f2ae2bd82df48d88d022cc6a131d4ed1171cde1b4f0b95dfa6a3f6df03d473e82e26a66c39

Download Submit
memory/1056-31-0x000000000B290000-0x000000000B2B1000-memory.dmp

Filesize
132KB

Download