c1f246833ae3ac18222634ca0246a1603d1cc5e68f2c7913f7c741eb840f0d56

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f90e8479acf57fae3750a5398a9a79d9_JaffaCakes118.pdf
Size

32KB
MD5

f90e8479acf57fae3750a5398a9a79d9
SHA1

c660d0628e4da652cac70eb2e5fe40d0d8f03709
SHA256

c1f246833ae3ac18222634ca0246a1603d1cc5e68f2c7913f7c741eb840f0d56
SHA512

9e9708c25bf01a7f6dcdc138b35d0d37dc242fbadbef779e42e4256a3c0c6114416e21ec4cda62672ff3c6acd2796ed21151d77f8be5051dc6d8dd49b6a24060
SSDEEP

768:Rbvzl/74nJ235DT5DJvQ9BfkFbigRPiXOOktgGr3V6:dvrllJvQ9BMVigRP0Ktrr3V6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2460	AcroRd32.exe
2460	AcroRd32.exe
2460	AcroRd32.exe
2460	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1476	2460	AcroRd32.exe	85
PID 2460 wrote to memory of 1476	2460	AcroRd32.exe	85
PID 2460 wrote to memory of 1476	2460	AcroRd32.exe	85
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 4992	1476	RdrCEF.exe	86
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87
PID 1476 wrote to memory of 3680	1476	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f90e8479acf57fae3750a5398a9a79d9_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2B2EB6C886F1D9F94DAE286F1FD2822 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=35EFB97866272FEE931DDF35C5F8A8E1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=35EFB97866272FEE931DDF35C5F8A8E1 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EFDC17070D7AF5E579BB3786B0D9E49C --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1392
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F08E5DFB20AE33FC8A6DCBEEDF6C02DF --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=012910EFC265E09365CD6460DA1CE12E --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B6EE410B1E6B50BD15C58CA8E05AB3E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B6EE410B1E6B50BD15C58CA8E05AB3E7 --renderer-client-id=7 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7c49e6ccb8766a378a986061bfecb975

SHA1
0ca3ee86a9964729b1e15619e7990f530dfff247

SHA256
7f677341d8285adf9ed0ba3969e69a9dac2bdcfa3324d37b5bd42ba411bad450

SHA512
3ed5cb198784b3ca036f1f168251cf5b80f2426254a6eb6ec1435a9eb18444b027822c3513b12061e5e34446cb9452f1a57a1ac6ff30360695313bb72bde1691

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
3db528825a445597e19dfbfae9419a53

SHA1
f2d92c8c15c82c4197f306bcacdca4759944b462

SHA256
4697a03661833c1aeae75f78b18e18609085a8682f0826680a9cc4ba1bdc6a8c

SHA512
afafa3ef3ded67952ec78dd4eef428949f5fe2450860d079fb841b0c71eae6845f50ed1879bde6d68e4494053abaf802e87fe3c669a7c3711a71f926d1662adb

Download Submit