f73736c2769021de75fc0f0ce64c7778e3588661856a6437b61b75c28002bcfb

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 03:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f0404574c5da14ee2e56a732788298d3_JaffaCakes118.pdf
Size

96KB
MD5

f0404574c5da14ee2e56a732788298d3
SHA1

e59e230868cd1ecd7843fee69fc5d1f2066b2c8f
SHA256

f73736c2769021de75fc0f0ce64c7778e3588661856a6437b61b75c28002bcfb
SHA512

c0c7f9c3a2cbc9f15b74c023e7c42db6b350df52355a2d81e97c9767ea275814d67a26661968ef3082fa5536a53cab49db9776960007e7e9bfba5457168d23c2
SSDEEP

1536:yRxGVG76n8hWMGpAHzBE8kocejdQimI7m0bhUWUpO7qWATya632Y19mos2H:aGVG7wjdATe8koRQimIm2X7US2k9zH

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1136	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1136	AcroRd32.exe
1136	AcroRd32.exe
1136	AcroRd32.exe
1136	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 4360	1136	AcroRd32.exe	91
PID 1136 wrote to memory of 4360	1136	AcroRd32.exe	91
PID 1136 wrote to memory of 4360	1136	AcroRd32.exe	91
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 4296	4360	RdrCEF.exe	92
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93
PID 4360 wrote to memory of 1068	4360	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f0404574c5da14ee2e56a732788298d3_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=305353B6C4F48BB47C086C38A0E605E6 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F9631BF4A44A907C33BE7C58377A6EE3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F9631BF4A44A907C33BE7C58377A6EE3 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1068
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=899B5AEF4C36D1E1785FC04B3C674104 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C09F37B27DB72DEE09DC822BAAB9F727 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4152
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6162AF1FDD26CBD7ADD2C5DFBC86E2BF --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4248
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6D563DA9C880FC198FA2126F038C5C25 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6D563DA9C880FC198FA2126F038C5C25 --renderer-client-id=7 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
87590ed68a7226e51fe3322acdae06a8

SHA1
141c76550b9a75a1aff2f8d550980762b2b72079

SHA256
1874adc8450bdc1397f379b00ddef59d345c0b3027d3f8986c19d66386bc8208

SHA512
39b825735d14551705a1eb807ce8e6c574733cd7d646d1d9c08aa75c622627e2f74c5601351f89b9843475b1fd1e71f9ac97224d0d5560a4ca2fc4f977de8132

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6024b3a1eda368928fc541368c107d85

SHA1
ed5e0322a8bb5c81e3e03255fcabebd4e5b62afa

SHA256
920a89e0642dd2c86220c7c91ebdc3640f2531a80013e92607c0fd74f1e1791d

SHA512
40a8cb255fdfc4bfae70934502267e1c73cf53021bf77c7d1137e0f32ba36ca52925109414538b0e20a0cb484687381bec0c1a21a088dd7accdf9503caf88300

Download Submit
memory/1136-30-0x000000000A430000-0x000000000A451000-memory.dmp

Filesize
132KB

Download