0efefe44f78cd30b67b2a34ba9d4c52dcd0a0d46992c6fb1837a5795a9c25507

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd8437add8bee305d46c806ea659537a_JaffaCakes118.pdf
Size

79KB
MD5

fd8437add8bee305d46c806ea659537a
SHA1

30da7022a86da08f5d1232f61a86f3d71936bade
SHA256

0efefe44f78cd30b67b2a34ba9d4c52dcd0a0d46992c6fb1837a5795a9c25507
SHA512

a7b26c3ecae60c61b6cdc7a9c9a53e2ee01f85405c1236cc451edeedadb63476eae7799790201e3c7019752ea3771b80c68c7f8077c19eb758b309595d92bfc7
SSDEEP

1536:4BwYmBIq7iHKKCATiDbAwTQ5lGiwmij9NjGZVDFyMkwROQWuRhIy3W8vik1g:qmBIq70evTTF9Vj9NiLDFyYRRWuRGyxw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2540	AcroRd32.exe
2540	AcroRd32.exe
2540	AcroRd32.exe
2540	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 3384	2540	AcroRd32.exe	91
PID 2540 wrote to memory of 3384	2540	AcroRd32.exe	91
PID 2540 wrote to memory of 3384	2540	AcroRd32.exe	91
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 1900	3384	RdrCEF.exe	92
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93
PID 3384 wrote to memory of 2416	3384	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fd8437add8bee305d46c806ea659537a_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3384
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=899AC540D4F39E15BEDD16BD95BE78C6 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1900
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2DB57E12BDAB2CBA6712B9A220D204BF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2DB57E12BDAB2CBA6712B9A220D204BF --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2416
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CDF283A112F5D61B35918F6FB3598A43 --mojo-platform-channel-handle=2168 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=17B3E6CDCCFB9A9A378EB447B2D3C20F --mojo-platform-channel-handle=1976 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9996D620789B97D5D4823E63718DD0F1 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=16F90A4D015CAC4A6958794EF2A91930 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=16F90A4D015CAC4A6958794EF2A91930 --renderer-client-id=7 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
31c40f69c7cd3fd14824d413dacb892c

SHA1
d91536a72c79059601352ca951a65d478a09233b

SHA256
7b4401138d45406ba43b51d52b67b5a82911203eae79b64b9a770d4e2f6b3e8f

SHA512
998455190952f6d4624f0c332de4fdfd82a67bdf906d7b3992bc733067d7601dc6cb82a714429e22f90aa8d158ee90190e22efababb030f8b90907c0c7057d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6df16f30485a040343f8c975d2da4d4b

SHA1
fb1de9cbba256378ba38020ecdafb6cf8961aa04

SHA256
0df87900c6319baef724a3f2dc9ddc416a855ceaaef8a46274f76fec400fffea

SHA512
ffaaec421d19a6c3c5ec4e32a091662b75137828a23f1e811f5e82fc4b17cdc78da477a6510852281b63e64936db1cdcd79eaaae08e20e8678b1aca9a4ae1c49

Download Submit
memory/2540-29-0x000000000A180000-0x000000000A1D0000-memory.dmp

Filesize
320KB

Download