2a40d27efa6587c74669244c60186aaec0e03536e745887978d979c59dd07bcc

Analysis

max time kernel
141s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7674f9223ca415fe41ff4d58a7a974a_JaffaCakes118.pdf
Size

88KB
MD5

f7674f9223ca415fe41ff4d58a7a974a
SHA1

b0bf739969cba5539a8fbf93bcd95446fbd325f0
SHA256

2a40d27efa6587c74669244c60186aaec0e03536e745887978d979c59dd07bcc
SHA512

839aa2ea914600f4a160cbfc49b2a257c3f8bd71f8ce58cc82fab78559a40029c38b28f7558412e94fe8f149dbd9cb516f4e78b601826f8e5d69a89b2ee409b0
SSDEEP

1536:WoL4LgeCTzQNiYNP3cIn5eUz9+uhcaoEFhLnYlIgWWkNpOPaWOR6R8sq3ieVN3jt:HkcLMNiYNPXpzQux7Or7PEgHAieTj861

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4460	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4460	AcroRd32.exe
4460	AcroRd32.exe
4460	AcroRd32.exe
4460	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 1356	4460	AcroRd32.exe	91
PID 4460 wrote to memory of 1356	4460	AcroRd32.exe	91
PID 4460 wrote to memory of 1356	4460	AcroRd32.exe	91
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 1432	1356	RdrCEF.exe	92
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93
PID 1356 wrote to memory of 2368	1356	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f7674f9223ca415fe41ff4d58a7a974a_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AD07DDB738959BEEF9A01D6E4E4B3406 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1432
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7CEC1A13AA4AA267A355336A4498BB9D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7CEC1A13AA4AA267A355336A4498BB9D --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6D234822D1D8EE6FC7E44EEE57F9B94A --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4892
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=42E00577B934D7B8712DDCD9187AEC6E --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=35B5FB28C25E1B65288606C12924912D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=35B5FB28C25E1B65288606C12924912D --renderer-client-id=6 --mojo-platform-channel-handle=1928 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1928
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AC23FA2DED019964B0D1EFF3383557E9 --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1b6f4fab252aae7adf7fb072c64ab1e2

SHA1
d7c23b4cbb629083d18cd35f516cf1a13da1f200

SHA256
827a1a54da490d89f731fa97ffba12195c8ea26ab1ec9f95b56adc00f8c78ce5

SHA512
645980b9be0f9d7a982f993e21d49cd40fe180247c6efd6d3b2182b2be5c032518686a185c958141c45383e960715380e90e0e253bf9b7a7a108f8533d9237d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
40eb1df9d17dfbe7d32468fc9e3e6a52

SHA1
f97bf9e14f6acc2e4c7dc93e3be335d761531994

SHA256
8a80d9b7b3e686c82ba5663236b4a44b9f6b6b3361ef5bbb056adcf6fbb99a36

SHA512
410073de17e5aea2c3af0dc1310fda4f705138f2002a5c0a63f32eed4caa439683d40786c8ef170b14658948e1a7f956cacf80060ec9442e4bfac6bb9d3de431

Download Submit
memory/4460-29-0x000000000B920000-0x000000000B970000-memory.dmp

Filesize
320KB

Download