2999a14c9cccfdff6bf00a99f6ee5b95efcadeb1c673a125fc82f36db8f745bc

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 10:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e74ba048bf61ee294a283aaceb74324d_JaffaCakes118.pdf
Size

34KB
MD5

e74ba048bf61ee294a283aaceb74324d
SHA1

a68f56f83632792b9a9a084afb5e334a059c40b5
SHA256

2999a14c9cccfdff6bf00a99f6ee5b95efcadeb1c673a125fc82f36db8f745bc
SHA512

46f77363088db6bedc924d3c04c862c34b1c89628f2e7e210a7f9d7fd5c78da1b2934d3ebab58e5faa84216c04fb3d71f97ee35f7af4f6f34eb0b75a40bb36e7
SSDEEP

768:6qvMi5z+9kxspQ2NQwVLBP0sT10wJjaq0zCyNTh:lMe4FQ23LuwhaqgCATh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1216	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1216	AcroRd32.exe
1216	AcroRd32.exe
1216	AcroRd32.exe
1216	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 3656	1216	AcroRd32.exe	90
PID 1216 wrote to memory of 3656	1216	AcroRd32.exe	90
PID 1216 wrote to memory of 3656	1216	AcroRd32.exe	90
PID 1216 wrote to memory of 1764	1216	AcroRd32.exe	93
PID 1216 wrote to memory of 1764	1216	AcroRd32.exe	93
PID 1216 wrote to memory of 1764	1216	AcroRd32.exe	93
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 2516	3656	RdrCEF.exe	94
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95
PID 3656 wrote to memory of 8	3656	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e74ba048bf61ee294a283aaceb74324d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7A57E13CA49A64DC9F698BC2F2183CF7 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2516
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6A787BE4667B644E1A62B9A637F1F4DD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6A787BE4667B644E1A62B9A637F1F4DD --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:8
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DB2BA04164E66730B90CA20D15FC00F3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DB2BA04164E66730B90CA20D15FC00F3 --renderer-client-id=4 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1140
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14902EF5C42476C1E6186C1A96BDC298 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=938805BC6BAD45001ACFBCF9499872CC --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3708
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2DAC17D9CCAA092E17B9A66923AB73C0 --mojo-platform-channel-handle=2752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1188
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f28bc6a807e9a0bc0bdb6f34f1d43494

SHA1
5bc5a6ab218640f98ef87bbcfb3dfed1ef0d8849

SHA256
54d39d32f15616a30bfd21fdd562313e3ca3751c046a4d78f3d57a88f33dfe8e

SHA512
a43abbcbe3c4283bdb5e6190c56b5beee4f41fde511c435970f764389ab52a3be3268cd64f6efa6146d68698025159571de6c8b01b9d25c7c8ce57c65997dc7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
24b11032bcfa8d018dd8d346996ca5af

SHA1
a727ce1100f565c69eef51d12c6b0e20c42c6d20

SHA256
331157215b16e8943e4515dd04c5826d66c64a14a54149549aeb2af5a096f721

SHA512
421dee6a2f445f0180d96f0b9529f3b80395f371ff0f8e23047277823a850c13aef7c4cb63bf9a2455620d54c210bf53cf93f4a00cb10d4444c92c4f686b00cc

Download Submit