7011b0c959a8b9bc2e2fa7b5286341ee6ab35c2deedc6049159a4ca644dfd42a

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 22:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f46f39d65b0b0f15bd22fcbd9f733115_JaffaCakes118.pdf
Size

133KB
MD5

f46f39d65b0b0f15bd22fcbd9f733115
SHA1

e9952ee11efdd74b0d57a49141fe8df713648ee9
SHA256

7011b0c959a8b9bc2e2fa7b5286341ee6ab35c2deedc6049159a4ca644dfd42a
SHA512

f09ec38c265ddf0b19f8edafec4f881c98f4f073c7d566c81c9c22ce7c0cd94fa9cab102090af80d5bc7dd351ee0e8d689c66a7779d6dbad2199be840451dccb
SSDEEP

3072:tF7pvj86CgQb5wLfjbIYkeuVLkD6uy21UoBi5ikaCm6h8df1:zNvj8Jhb56wYqLY6u/zBiYkazf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
628	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
628	AcroRd32.exe
628	AcroRd32.exe
628	AcroRd32.exe
628	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1492	628	AcroRd32.exe	89
PID 628 wrote to memory of 1492	628	AcroRd32.exe	89
PID 628 wrote to memory of 1492	628	AcroRd32.exe	89
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4100	1492	RdrCEF.exe	90
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91
PID 1492 wrote to memory of 4288	1492	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f46f39d65b0b0f15bd22fcbd9f733115_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22A4A514DE3E4C20E76999CD594C859E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3F7E477A999BDCB353462A2FA006FA10 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3F7E477A999BDCB353462A2FA006FA10 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4288
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=93DD35D6C24AF71819311E9962400554 --mojo-platform-channel-handle=2152 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B54FB4853F415836E58AD6B104CC7AB --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4356
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=40B6E74B8F0EDCE1E1E1EFFA98225FEB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=40B6E74B8F0EDCE1E1E1EFFA98225FEB --renderer-client-id=6 --mojo-platform-channel-handle=1892 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4440
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=52EE99E5E0CC961F358E408CBFCAEAD8 --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b4cd12646664fc81b9cd11bdc72e87c7

SHA1
35fa142dfb3a77b2c0c8ddb702c8b4ba1f2b105a

SHA256
13c870f88520fc285f8c7a26103f4c117aedb6c5ca1c90b83d2b6d64e45a1810

SHA512
5a0142a070c7ebc5452e909072d2ca4fe4ae20b84697c6cec1835f7f1a6c25b17da56268d448eb478307f3dfba355fffe4197c54314eec81cdd08c49861c2e7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8fb99325ca9d1af16d129dce896a45f8

SHA1
97e175a096c03bcbea44b194623ebeae56fe143c

SHA256
50e4581de63625b8fbb4a2e73b2591c26cde80525ea326407cb02a2014d4572f

SHA512
93d5942c88521fef191e53d0d1ce475f1f4568f03af5e67287db1bbb4bcea98288cbc5c98b36414946ad1b9010bca89a4e7196409137d9e857fa2da6e6f2cd3c

Download Submit
memory/628-30-0x000000000E440000-0x000000000E461000-memory.dmp

Filesize
132KB

Download