287b0673deab8e88950c68375241165145bf7b3783ffbd10787484529fa0a4a8

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f781538bb19c2f813ffb852ebb54d9df_JaffaCakes118.pdf
Size

72KB
MD5

f781538bb19c2f813ffb852ebb54d9df
SHA1

cc1ecddafb32dfcd07f76a0f2668810c4e9f5943
SHA256

287b0673deab8e88950c68375241165145bf7b3783ffbd10787484529fa0a4a8
SHA512

ee59465a072244aff434b22b488781c0aa7d850658ce87161223acdeaf06323b720b027fbc6f27cdc70e8bcabeb8d26a3fc12e3c164a7dbf3cee7c8dc1dc4aec
SSDEEP

1536:5kG0wb896FZXxAxJ/n6WseJLkYCVhK3hNjgM06wGuqRSMplS5iut0OE:WG0wrx2JHswLkYC7QUSiqRSolcc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4840	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4840	AcroRd32.exe
4840	AcroRd32.exe
4840	AcroRd32.exe
4840	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 1404	4840	AcroRd32.exe	92
PID 4840 wrote to memory of 1404	4840	AcroRd32.exe	92
PID 4840 wrote to memory of 1404	4840	AcroRd32.exe	92
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 4460	1404	RdrCEF.exe	93
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94
PID 1404 wrote to memory of 432	1404	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f781538bb19c2f813ffb852ebb54d9df_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB08D755C2AF732A2104935A766BB549 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=734B35114F058820333845E60E6F7116 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=734B35114F058820333845E60E6F7116 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:432
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7C15897D95AE2587E5730423ACB3633F --mojo-platform-channel-handle=2160 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=25F936E920804F8C510FFED5C0E874C7 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22CAAA39CC99A70E8654BB4A31CA2659 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=27F1F5099A088FDA9D2FDBCB0E7C0CBD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=27F1F5099A088FDA9D2FDBCB0E7C0CBD --renderer-client-id=7 --mojo-platform-channel-handle=2520 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e6f88205e56e83ff645efbb227ff5030

SHA1
a893dd25f2943d8a8f130a92466822a2e84c992d

SHA256
7fa65660c52a09c264f050b3c56a6681a7d705528360f22353c0f5f1a06caa79

SHA512
7d9bbda854932c495fadce194c64e00294008d592111b605567afcf75024f91b2f7e3fb8cd6aa073358b4716dceb42da6d979a5321479c105273ca8ca19d8ba3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f1044d7dffa27cc7368d7687cb2caa01

SHA1
76051c1e335a8f3c84629564ded7143723c678e4

SHA256
41c297ebbf6202c91a2cc5b4003b92fbc87137d467b12466f7e07e88c5dc13ba

SHA512
2016f3db76e4cc90e851f8948644cd6cfcac55e2c827479b034b317a2b62c34abd6dd04c609abde3aaac448a259d6b0e651099321acc706f7a2c6f145e8f2b48

Download Submit