4b357483be14a4746a97b8a3986a0e438a540185d843b61ebd2a117fd9ba0869

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

edaac2d95c87dd1cab074db9b3bbe5b0_JaffaCakes118.pdf
Size

79KB
MD5

edaac2d95c87dd1cab074db9b3bbe5b0
SHA1

25ac7e56188fdc08baf7d3dac6ef881baec5cc9e
SHA256

4b357483be14a4746a97b8a3986a0e438a540185d843b61ebd2a117fd9ba0869
SHA512

71e72e3f63904324c04cbfae57369ae6dac09f8562d764335c31d3ca06bc01495c38479ac685959a3e249b2c17b090e1d08fc8041fb486ed70e7e179838f84f8
SSDEEP

1536:RGlSFDi/oSr/8s3I8HzTimzFQpbxzwIhYad+Rsk/IoTJiH:asE/8snHCmzAVUIhYAgsKY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1428	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe
1428	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3804	1428	AcroRd32.exe	87
PID 1428 wrote to memory of 3804	1428	AcroRd32.exe	87
PID 1428 wrote to memory of 3804	1428	AcroRd32.exe	87
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 3016	3804	RdrCEF.exe	88
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89
PID 3804 wrote to memory of 2224	3804	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\edaac2d95c87dd1cab074db9b3bbe5b0_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3804
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=375FE55C3C10E5E1F726E0167A4703F0 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=96421D2C1205A087F22C21AC07001E46 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=96421D2C1205A087F22C21AC07001E46 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=229457E25BD757D912601C6FB72DE8A8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=229457E25BD757D912601C6FB72DE8A8 --renderer-client-id=4 --mojo-platform-channel-handle=2168 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B7558A58D0570CA7BE8750DF8FDE238 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC27974A93BEA1CA81AE72CC9C079ECD --mojo-platform-channel-handle=2580 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=36006AE7A0AB93A09BC8E6FCE85D0EB0 --mojo-platform-channel-handle=2604 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6c8712278fe02754474dc984bee7a719

SHA1
6d433245a87ed8027efe922887ba665f774f0502

SHA256
c1e2e29e6ed490c9d3d7da02b339abdb7b2a7f24af5bd1d73421fe8eeeb16828

SHA512
368cce7626bbe8badd41edbbb05c728cf52d0f92d18dadc3d499a78c29351e7adb68a858ff0faf655f1ce0f2f78f38ffb614da358b2c0c875d472dc253ea6185

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
08855640e47af79286a85c2c84b365b1

SHA1
f459ece7b009638eab2d3963f312d79342dfb7a1

SHA256
605ca92b033f4b72ffe7a5257c378fb9834bd85f044ddf1287479a57f699bcb0

SHA512
766e21ba6b2701b5cdf713e9d09042bf33151e6b704a09d1cdf3933dc9e29e31b24ad70c9d2b51eb0d93e19e34a7e68d5446f479742c0d008011a38f307d5f29

Download Submit