8f42f8ba7faf1aaf5fe71bd19ca7fc48ee284fa15348f035829cedb1dba663e1

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de998b34b7e4ffbaf92e72d38c50d449_JaffaCakes118.pdf
Size

89KB
MD5

de998b34b7e4ffbaf92e72d38c50d449
SHA1

a1bafaebf64826e3de0a2d368642e77380f91d92
SHA256

8f42f8ba7faf1aaf5fe71bd19ca7fc48ee284fa15348f035829cedb1dba663e1
SHA512

90ac25f06f42116571df92e57fe891960d6ee89e295e28df1f91bf4d04cf57a6b037f5957eebf421738547f1e94ee3dc3b5adf6f8f2ca16ae69bc5c4902900b6
SSDEEP

1536:EcjQgDau0DrnV1V4wTSR4zuuDYBq0QBLhqmm+2kpzPhdSPl3WFPbrFXh4iPUl:bIuSVL414zmONokpzPhdCloPbrFXyJ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4376	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4376	AcroRd32.exe
4376	AcroRd32.exe
4376	AcroRd32.exe
4376	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 5004	4376	AcroRd32.exe	91
PID 4376 wrote to memory of 5004	4376	AcroRd32.exe	91
PID 4376 wrote to memory of 5004	4376	AcroRd32.exe	91
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 1524	5004	RdrCEF.exe	94
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95
PID 5004 wrote to memory of 2960	5004	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\de998b34b7e4ffbaf92e72d38c50d449_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=577D622467E3DD188B2FAD80609BACBA --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1524
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4B594D7D2E48327FA24B81F7004C8DFA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4B594D7D2E48327FA24B81F7004C8DFA --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=71767EFDB0DB4F70B522C2F12306E816 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=71767EFDB0DB4F70B522C2F12306E816 --renderer-client-id=4 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B461A42081B3F61BF7B857011F8956B --mojo-platform-channel-handle=2460 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BF50B56405EF9CB4D4FA359269ED3295 --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2540
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=200A1FB5822F299F6D705E7E473F748B --mojo-platform-channel-handle=2528 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c3ab256c8298c8b427c9496191a16e87

SHA1
cb3c510981cd48e5c34a5180411bfa04a04c6c0d

SHA256
c389e9bfa453c84234f0c8022cc712550380158c743cd0434f5471004b513cc1

SHA512
1a706744fbf04551c3fbe8c78ec77c570286952cc80e4d577cfaf9743e7a72d1b7c626f48e70abf582eed6aeee0be3b20e5718225ac63aa559d75c5850802e7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
84bfff2813c8ef7c7a7a8dac50396640

SHA1
e4730f53a48e0440dc9f5dd43b6c5370529315fc

SHA256
e83c744eef6258781f639f225d3649065aa840fd7682bbeaf2834ddb3f0abb13

SHA512
11f55e65eacbc17173fe26fa6a0448df955370d2cf127e57000b4813ce6e9182483a3876a37aab9e3f405d17ff9bdc164908182ffb566f9f73a795964f960e02

Download Submit
memory/4376-31-0x000000000BAD0000-0x000000000BAF1000-memory.dmp

Filesize
132KB

Download