73efc15453cfed3644d36ea75d257cf86485a1c8ee8e4ce08f40f59cbb33a3a5

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6cb29c66fbeca2ea5a2c6ebac51907f_JaffaCakes118.pdf
Size

34KB
MD5

d6cb29c66fbeca2ea5a2c6ebac51907f
SHA1

f9ddf33b214144ec753fa2531e7bc77e0278c485
SHA256

73efc15453cfed3644d36ea75d257cf86485a1c8ee8e4ce08f40f59cbb33a3a5
SHA512

3ccbf8544ccd6e2b8542e869c896a4144b0f2a7f15c22d707ec1afa8f2e05e0f658d99ce900283bba4c8cb9290c5b0ad1595f0957058785eb5cc6439a8f86fa6
SSDEEP

768:9EVDctFJ0sfCpNbBZJ1+LvSWcjO2I4E/HS:iVqJcpN3J1+tAO2VE/HS

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5000	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5000	AcroRd32.exe
5000	AcroRd32.exe
5000	AcroRd32.exe
5000	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4000	5000	AcroRd32.exe	93
PID 5000 wrote to memory of 4000	5000	AcroRd32.exe	93
PID 5000 wrote to memory of 4000	5000	AcroRd32.exe	93
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 528	4000	RdrCEF.exe	94
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95
PID 4000 wrote to memory of 4948	4000	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\d6cb29c66fbeca2ea5a2c6ebac51907f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E06BFBC073F94681C94609BEFF6265B9 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7548846E955EAC8967943ACE377A7235 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7548846E955EAC8967943ACE377A7235 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BEB550F078D2D3EE03A2E6861413BF58 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=052898EA74C3C0551EF1456164363927 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=052898EA74C3C0551EF1456164363927 --renderer-client-id=5 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1580
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7BC4AE92BE46DABFFBD2C0D2856F290 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6D644E2403A00FA25101F11ABCA68EE0 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fc90c5b6fc9071aff0f86ee6fd6d0f72

SHA1
028e5b004c34836cedf1305540cfd9e4b3773ee9

SHA256
b61572717cbbcf684b745dfc9772d847bf5548e4ad2e77dcedb80e837e46e22e

SHA512
95d32252f6c7c157e28c6cee76ab4d5ed5b51e6c082578c9b69fe037adf656290ea88984952c9984e80bedf069ba9134e801642b84c468c14db99adb2a9a3d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
598c710a88b0fa6e594f2a91f16468bd

SHA1
ff863438c01011125c3011895429a4af0755c60b

SHA256
ae55fc76cb3c6ab5bd8b097538e5bd0a09b279002f577787e4575851a3c358d7

SHA512
c25a62aaf15ff482824fce07b810caed38f63fe9fa91580b90be4be5e17b4b317db05da1e0e78a0c1a1a258fd1c152efc800337037501c9f56543bb00d6f55e6

Download Submit
memory/5000-31-0x0000000009E80000-0x0000000009EA1000-memory.dmp

Filesize
132KB

Download