5ef74f8e156f3f5943b15c05caa382851bccdc6433cf9a34c067a24ab5852d08

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 17:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ffd02ec322ffbaa6e4ac341512b3936d_JaffaCakes118.pdf
Size

105KB
MD5

ffd02ec322ffbaa6e4ac341512b3936d
SHA1

dfc37c27800b00b4b70ebc53dbf90cc501665820
SHA256

5ef74f8e156f3f5943b15c05caa382851bccdc6433cf9a34c067a24ab5852d08
SHA512

7852926750d57732983d0861e4409223fea2161bc47762dae94ed294351e97161765414b3fe0030031ac10d00c8d1ce5ae2a31a34410f3ac405c68499ba25353
SSDEEP

3072:DpnFqVkqMsV8LMhcKvXxWRUe/5ok0BiP2sfN/DaTe/dztKs4y:DfkkAV8whJvB8Ugok+w9qyRtKs4y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3908	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3908	AcroRd32.exe
3908	AcroRd32.exe
3908	AcroRd32.exe
3908	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2260	3908	AcroRd32.exe	90
PID 3908 wrote to memory of 2260	3908	AcroRd32.exe	90
PID 3908 wrote to memory of 2260	3908	AcroRd32.exe	90
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1432	2260	RdrCEF.exe	91
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92
PID 2260 wrote to memory of 1528	2260	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ffd02ec322ffbaa6e4ac341512b3936d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3908
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=888609FB9DBC625EF4AA744AC04D6CE0 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1432
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ECF89B18991838DD88A8F9B860BB8FF1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ECF89B18991838DD88A8F9B860BB8FF1 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A6E8369F3209BE30F89CC3D32601DB9 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F0D831A2749687B422DAF7FCAAEF6251 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F0D831A2749687B422DAF7FCAAEF6251 --renderer-client-id=5 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3480
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4395105CE5E1BD6579A4D26CEC2A5E55 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EC724E9431FA10525A334DBF7341821 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d885a2da02fcf3b17cf4f0b2a3e721e9

SHA1
7bfb3f8679692f3aa021c7055815fd547854275f

SHA256
af04dc35c74541dfdd34dec4c24c943bc0b162b7557a917810575f12406b2994

SHA512
def620b0fe60f432df85c5d524001608adfcaab544ee7a5faaa39e8399d5dedbae188e22e53cb045f75b3ca897846c4c2279b6285a4ee0dc3bcc43e7f848dfc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fee5463f4edff1a5555102013b2ec410

SHA1
2980aeef753401993fb19892101775cc7ff1ad74

SHA256
1f8cf8ab9e8435fedefe2a5dbbe072e4a1519cb947f6a76137a7f0e7d077f709

SHA512
d57a2eee5d776f4b048d4150660ed7dd2189f1f9a32f65957273ff1a60ddfe02d5a0b2092fa2a737e36d3f8c98fe661ba8b266974dd7b6d3a746553680e2be82

Download Submit
memory/3908-29-0x000000000CA30000-0x000000000CA80000-memory.dmp

Filesize
320KB

Download
memory/3908-30-0x000000000CA30000-0x000000000CA51000-memory.dmp

Filesize
132KB

Download