76868200ece96f6d97128a37c2a5424cb17d24e60e6189ef1d37b0df7a5c0323

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff9ddf25eb828872c9096aa435ec1e68_JaffaCakes118.pdf
Size

74KB
MD5

ff9ddf25eb828872c9096aa435ec1e68
SHA1

304a7c0e0083ddd17955d8902403c6d1fe9797a2
SHA256

76868200ece96f6d97128a37c2a5424cb17d24e60e6189ef1d37b0df7a5c0323
SHA512

f69da570e923fe7c22917d3d1cb65f6799600545abe860d14df9bbe488906db11edfe761d5949e339c386b7752f24900addfe668c7630e5211bbf395ef99aba9
SSDEEP

1536:gNIj75st5pmEjOcd8wi5h90TbAfoCmm+oWpPfJNAmDSm4FW0qQ8E6:TspFx8wek+MfNAoMW0qd

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1348	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1348	AcroRd32.exe
1348	AcroRd32.exe
1348	AcroRd32.exe
1348	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 2424	1348	AcroRd32.exe	89
PID 1348 wrote to memory of 2424	1348	AcroRd32.exe	89
PID 1348 wrote to memory of 2424	1348	AcroRd32.exe	89
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4584	2424	RdrCEF.exe	90
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91
PID 2424 wrote to memory of 4408	2424	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ff9ddf25eb828872c9096aa435ec1e68_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75357E60758DC90BA7FC1E451054418A --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4584
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F5D2CAC0048F8E5CBABCC382085A30FA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F5D2CAC0048F8E5CBABCC382085A30FA --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7F470DED9568B01E70B844A11F46FAF5 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=311FC023FE786DECFB6E21B39A11179C --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6D55674CBCEECA8C7CFCCE601448AB4C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6D55674CBCEECA8C7CFCCE601448AB4C --renderer-client-id=6 --mojo-platform-channel-handle=1984 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B2FFA13AB1D79E99D7E73E72F9B4A14 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
289fd5d33c063cb1590d049774b4c38f

SHA1
59eb22976a8f4b3869c3c1bbdc96c524b349b541

SHA256
779123776357d2e85809974d8311bc4b629eb160a23d454a0cba499902e2f20d

SHA512
d1b785028c9335fdd15e10ed9ac3a107ade1177586af1ebdba873d6a3fb4c72f6ccb54c50e3a6dd88f1e58773e5d2b6e07b161281e68d75fdd7dd19e475b1eb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
83fbd491927d7858624894cffdac4922

SHA1
be24c4fb2a8ec1ae35b9e6b8d990a3beffde70f7

SHA256
07e140d5e43a65f8a53b0ae93315c4c0e9ec3eed53784ce01783097909ce6921

SHA512
b8b757ffa65a6f9f454ce66f28599e17013a098c60b78a046a6012fff5c259387999e61f96432eb839ef7d4391d7c84651b7640d18db2a9fc0c054fd73fb3e1e

Download Submit
memory/1348-31-0x0000000009950000-0x0000000009971000-memory.dmp

Filesize
132KB

Download