9d78a1c9960aa91b065e2889839adbd5457c716b296f4bdb51f9b565d8f5f80d

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f30fc4e8be99164b6d0a6fb9ba37de5d_JaffaCakes118.pdf
Size

83KB
MD5

f30fc4e8be99164b6d0a6fb9ba37de5d
SHA1

be1c42e4de40cb0028fd3697ddd105e91ef52dc3
SHA256

9d78a1c9960aa91b065e2889839adbd5457c716b296f4bdb51f9b565d8f5f80d
SHA512

daab355e53c6aa783733e341ffdcbae9a362aba40de504b7f367a337ca26bbe1ce995fe4a9a408ade5fe8be6bfd2e263de320641c0c8450ca79674ce4a606cbd
SSDEEP

1536:VmppfrdCAVyzNa/Le5v+xpwleKePPy4WBTJKLJWspORTa5Hy+:0jdC2ANkS+xele1ah0LgRG/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2744	AcroRd32.exe
2744	AcroRd32.exe
2744	AcroRd32.exe
2744	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 4636	2744	AcroRd32.exe	92
PID 2744 wrote to memory of 4636	2744	AcroRd32.exe	92
PID 2744 wrote to memory of 4636	2744	AcroRd32.exe	92
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2592	4636	RdrCEF.exe	93
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94
PID 4636 wrote to memory of 2808	4636	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f30fc4e8be99164b6d0a6fb9ba37de5d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4636
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=41CAD1B3EF8601FF016F775D6D590072 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2592
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C40DAAF5182944A0CE8403015CBCFCAF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C40DAAF5182944A0CE8403015CBCFCAF --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2808
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A01C8E34B12F4A3C90BC131A745D0AEE --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AAA5C521269F1AA46BBC058FD99EB9B2 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4936
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C887EB2119466543A5797F85861B10A9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C887EB2119466543A5797F85861B10A9 --renderer-client-id=6 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:552
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6AAD7763B76D2227337479D53A004E9F --mojo-platform-channel-handle=2696 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ccbf6225df0ca4113ba40c7f340b4fb0

SHA1
e2fc5a0eeaa39101dd17d45b5f9c9e0177f9889c

SHA256
a043fd94af767069888549efc0c4000dbd21c3536b98d12476ffdb925df09b7d

SHA512
7a14c1fa6c84922349305daf901b747abca658604f6fd914e155f43b38f17c12070002dc1f7c97d427d213a87b4b669992ba8b639d5424b23ad79f2e4431df6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6d9f9cf59970e2a3f3af1ff0508aa3c2

SHA1
e2d229d20f1c737b523b0cab4d20232eb6aef012

SHA256
26988d1a9d5c57b2677f1461533634ce2b0d8bd67adbe76cfaf22ea76335e771

SHA512
7eb6de7c518c079ea6597f0fcdd5523156480d0a7566f0f1b30ced709bb60e4bc27221dd03c0f9cbbc12026c0981269e45874962cdeff512947d715a133207c5

Download Submit
memory/4636-0-0x0000000077B50000-0x0000000077BFF000-memory.dmp

Filesize
700KB

Download