e11918ba308f9b1c17b97394e98cc5fb49834dbdb0b963e03b01820eaa888224

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6c869b65e0f446a1101adcd379b20dd_JaffaCakes118.pdf
Size

82KB
MD5

f6c869b65e0f446a1101adcd379b20dd
SHA1

081b8f36031f4f8c61866fcb3c01a5f52a323d1a
SHA256

e11918ba308f9b1c17b97394e98cc5fb49834dbdb0b963e03b01820eaa888224
SHA512

f2f0666c5245cc24e12d7456877a028f25e25494279fa06453f7f63736d0f4c7b3a422cd46fd73e77f2bfe97060bc22b47ede1234007d1e62fd02a3bab56edc7
SSDEEP

1536:O55acAmWU50uNLi7wgH8XICiTjk4E3wWLtppgoJQtBW2fKubDJ8UVg6xYAmswAWe:rcsUNRicg11NEgWJTgD8u8UVgSTHwr7+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
740	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
740	AcroRd32.exe
740	AcroRd32.exe
740	AcroRd32.exe
740	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 4808	740	AcroRd32.exe	91
PID 740 wrote to memory of 4808	740	AcroRd32.exe	91
PID 740 wrote to memory of 4808	740	AcroRd32.exe	91
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 3784	4808	RdrCEF.exe	92
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93
PID 4808 wrote to memory of 2780	4808	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f6c869b65e0f446a1101adcd379b20dd_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=32E7F93AB096C5C3D4FDC41DC7B28B63 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3784
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B2BBCE22BB31DF94DB586EA9AB0D6301 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B2BBCE22BB31DF94DB586EA9AB0D6301 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2780
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD2A4637E30EBF4411E8180B24BAB94D --mojo-platform-channel-handle=2160 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6EC4A5594E29405A2D2AFE6DC0DF636 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1416
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67C4D61B5667E1C89DC13EB134BA0E9D --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2996
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E747E866C28A5C9089F446C1BBFA890D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E747E866C28A5C9089F446C1BBFA890D --renderer-client-id=7 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6091eff620a812307ee720159cde29f4

SHA1
e296864d85b0f89a847be99ac318de5439b2fe94

SHA256
da999aebec442b6edc8787d6c219425a060f9fb850cce9a9d14aab6e1aa7fce0

SHA512
808d1be6702334e2f8ed2293373dbca02df5ecf2aef3e27475b7a6600ed3fb02fc98d4125e40e06e30831c1e8068ee7c3c92cb034dcedc1ae2b5f518f35b28f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6ce1d94bb389f0f2eae8eeb72bcc8a0d

SHA1
b2c565b39748c2af5a6c40cf2cf1ab585983eb6d

SHA256
1b00be2d36c81f920be99842ffa0328ef3775497f326df5ae167081a2a80b3ca

SHA512
d8414c30d3282a2c50ef4199c2c5ee86861fd01a233e52c2258d7190058ba065c97d433e6be1cc5c020831635d5c80fa66371386139ea0121789f9e0134feb8b

Download Submit