7e79785ba729959126e454b980a50283879004f69d798ae67cc1cedb2e4eaac6

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dadca9517758ed335bf70964effb909a_JaffaCakes118.pdf
Size

80KB
MD5

dadca9517758ed335bf70964effb909a
SHA1

43702ac53e45cd835032c18c98663e2fd1615d41
SHA256

7e79785ba729959126e454b980a50283879004f69d798ae67cc1cedb2e4eaac6
SHA512

683480ec41b872ba1c7c3afa24814cca9b7698d27cab11b7c0c2e97876fee9d90e256a4ba9daa839b5332d7e45aa940cf371ae1f8fc5c95327d505933175323f
SSDEEP

1536:5bnZoVsgp+2TkuuGWU/EFnKYCkYrSM8SBeYCHds7sIWl/htNkfcf:Vqu2c5KK995IYhtKw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3244	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 408	3244	AcroRd32.exe	93
PID 3244 wrote to memory of 408	3244	AcroRd32.exe	93
PID 3244 wrote to memory of 408	3244	AcroRd32.exe	93
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4000	408	RdrCEF.exe	94
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95
PID 408 wrote to memory of 4624	408	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\dadca9517758ed335bf70964effb909a_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E2BEF6CC5E0B8898E98810A43DF48AA8 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4CFE8272003AAE92066CA86435D1F508 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4CFE8272003AAE92066CA86435D1F508 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CC9AA7EFFB2A520BC969A5B3668DF4AE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CC9AA7EFFB2A520BC969A5B3668DF4AE --renderer-client-id=4 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4E3DC710BD04AD6B85E6703E7D9D50E9 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=95147447C64FAF63234989A176810EFE --mojo-platform-channel-handle=2632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A942CC1FD499692FF4CE8EC9732D376B --mojo-platform-channel-handle=2692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5824d0b03e22230abdde01dce67133fd

SHA1
016ab285c588b8d71725827ac43a0a5320f7046f

SHA256
b210a7d0ce4032e21f5e17e0efc66b60a1c935566843faa2af7a7986fe96b66c

SHA512
2556a8e5efb08e06e4175ba9c9bf287d377edaecbe56ee5166a1111fa83e6fc5451be1b805c3ad625a06277ae1bf35fb8237b1de35b135c190df695c57c3da6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
cffda7435f2899bf4e263a3b8c37ac04

SHA1
bec521f3f3166a05923e77991f97074a0acef9f3

SHA256
6e181e034d9fdd075fdc6e9ec3f4d18de5a158238a476b79b050fa42c081f862

SHA512
9181a818304c5c4e135b7d110aa398734278b3e99ac02bbd7b8c0c6e165b681285dc9e230f84db01b87c1e40ec5dc73864d2a8fd8728329f3033918db6c6f8f2

Download Submit