93ba7d7f34186f226a956dfae2fc5b863ed6ee89d6e25e65b807db8947e11023

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc0122aa13f254145ab8b77aa9f4d1a3_JaffaCakes118.pdf
Size

49KB
MD5

fc0122aa13f254145ab8b77aa9f4d1a3
SHA1

25c30f21ce2b93e00e2fefb0aacdb7c54172d84b
SHA256

93ba7d7f34186f226a956dfae2fc5b863ed6ee89d6e25e65b807db8947e11023
SHA512

80c5da18d81ea88d0fed2d4b7c73c59df75cd6f03f188994078b1bf91e45868c0c39d80ae21bf41c963488356c9313b75fe4a92a8ba3091fb7e4cf6953ff8a56
SSDEEP

1536:H9SpR8JjAzvfkx+J2uZva1GcZmGJY111YBaifSBw:HG8JjAzvcxAxZva11ZmGrBUBw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1860	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe
1860	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1412	1860	AcroRd32.exe	89
PID 1860 wrote to memory of 1412	1860	AcroRd32.exe	89
PID 1860 wrote to memory of 1412	1860	AcroRd32.exe	89
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 460	1412	RdrCEF.exe	90
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91
PID 1412 wrote to memory of 208	1412	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fc0122aa13f254145ab8b77aa9f4d1a3_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5369D97F7D76921AD41F67AAE5EDB889 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0D56E5237C6F1183EA780DE20AE757CC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0D56E5237C6F1183EA780DE20AE757CC --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C5DB5754E4D818DC8DE272DD1D97935B --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65CB8EC283BDAF523297725D48830A87 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4340
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EC39F2B86133F2A34EA6B432BD69DA52 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EC39F2B86133F2A34EA6B432BD69DA52 --renderer-client-id=6 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3BCD94B3CF61189D6E8A1ABDE63EB360 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
340aad1cb1d7fa2a1188f3f25e8ba479

SHA1
a21f3c73d12dba84a5605b930a9ccb85923712b1

SHA256
5df7d42d31fbed88b1f6d3e989ea55ee04cfc4f7b5592e640bc01ca04e46391a

SHA512
c56596257ff5ae1d8e698f560e76cf6cce1deb84933e0664aa8e6630cb23fb25dab99c602c6e54e36db9cc143e2d69c4b3d53d03c74a0b5fea7abc0b5be21bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
013166cc4c5e8a6a9e73d3622d09f3a4

SHA1
fda017d4c72dd8f5ba1c0f846c6f8c8fc6bdd7d1

SHA256
a52f4bb6c252ee62e38508d91ebe74fcc5bdd90fa953b0641f89b1243aaa0a52

SHA512
5cd62c80558f59016fb1d23d7195cf3ecd4eada596a1adf695fc88be7dc1b7c55446347e49bed168e0579daa0da8b47a19ae0beaacb73c940249c8fd14a1758c

Download Submit