1b15945ff06faad5b00e9afb8c5dc46efb7a7f273ce078468221e8ac855d67c2

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1df81e119d90bb224eee31e2ae67659_JaffaCakes118.pdf
Size

33KB
MD5

f1df81e119d90bb224eee31e2ae67659
SHA1

93ab74576702a6dd85d96aa2fe211596f0616a88
SHA256

1b15945ff06faad5b00e9afb8c5dc46efb7a7f273ce078468221e8ac855d67c2
SHA512

6f1572d0604879950b04befe957f79339a31af6906a05b868a7b13b958ff516581ee5380a2548aed1782e41673b206e679bb79cee0fc7826dff516733f292710
SSDEEP

768:cgGzpDG7GA5BXNH6QFp/TLwfnVfU8mAFxb/c31DfTVo:5GFqVlF9T/omeb/c3hfRo

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3600	AcroRd32.exe
3600	AcroRd32.exe
3600	AcroRd32.exe
3600	AcroRd32.exe
3600	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 3676	3600	AcroRd32.exe	92
PID 3600 wrote to memory of 3676	3600	AcroRd32.exe	92
PID 3600 wrote to memory of 3676	3600	AcroRd32.exe	92
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 2608	3676	RdrCEF.exe	94
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95
PID 3676 wrote to memory of 4260	3676	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f1df81e119d90bb224eee31e2ae67659_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D3F6523889BECC29AE67E75220C1D2CF --mojo-platform-channel-handle=1704 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2608
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3BEDA9AA6B8356C56BF2A514433D86D2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3BEDA9AA6B8356C56BF2A514433D86D2 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4260
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E47DC8A3BD8E20DBA8A68E506524A4A2 --mojo-platform-channel-handle=2276 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B00132F4603A00F96D83C688BC50577C --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4644
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7EDDD976DDEF7F39914EEB6E26B17A00 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
28427a21eee158517a97c0f7a567f3bb

SHA1
7d9ff11175b37613bed68254670de9e9cb027bab

SHA256
dac21e8a6a6d5cf9aa08beebf716b5380c059c03c97f8a43b6d7062636bdcb62

SHA512
22cc913cba05d07067265c0a15e598961eceb1607b0d3bf073ba1e1f3e2a0283f64595f8c032080bda7d8af45a5b07bd35efd1ac7bf2281d49684275db9b92c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
eee92b5d364406a7e39ad7f92f694386

SHA1
a5567879178ff700ec3ea4d16a6dabc5a68b7dfa

SHA256
e70a24639a1e611e5d14cf80d925cb03acd86d1f638bf8b626adac5f658cea35

SHA512
8fbfc508defeb99155d7dacf9d88310919ee1a92f4cc4d4d929de29251b7f405131d4fc69c7625c2e54ace41f75318e93b5ad683406f9108560d105de437cfe3

Download Submit