da80d7e5943c373afc9f21c82e7bcf40797ddcd1f2ab0a39cfc6eec6d94f5910

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26dbe559c9e34f00b3a8b2780595f65d_JaffaCakes118.pdf
Size

39KB
MD5

26dbe559c9e34f00b3a8b2780595f65d
SHA1

902bac89c2313478b2c86d0fb1253fae9910c068
SHA256

da80d7e5943c373afc9f21c82e7bcf40797ddcd1f2ab0a39cfc6eec6d94f5910
SHA512

0e131c5c0318ce11438543563cd396375edbe41b821aec9157108b6f8f9a0b2b49ac02a39d188c98f57d1896ce99d9d97390a0a0ed9f08aaa7d565df229838a9
SSDEEP

768:zxgTz6ppU6LCjkp0eeC7Huwxv0wHG/mbCKlFU2qJDb511PE5vXuMZmwgCLWarqn:u3qQjI9eC7Huk7m/JMFU2qJDb511WXF8

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2808	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2808	AcroRd32.exe
2808	AcroRd32.exe
2808	AcroRd32.exe
2808	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 1332	2808	AcroRd32.exe	82
PID 2808 wrote to memory of 1332	2808	AcroRd32.exe	82
PID 2808 wrote to memory of 1332	2808	AcroRd32.exe	82
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 2784	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 4572	1332	RdrCEF.exe	84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\26dbe559c9e34f00b3a8b2780595f65d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=42EEDE796094D7B87B985A8EBC4F5EE0 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2784
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C1A3E201FEFDC4FC8AE7738E6BB1528A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C1A3E201FEFDC4FC8AE7738E6BB1528A --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4572
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2C5D1D11CB8A4409CC401F32413B65D0 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C3C6960432704DA93E9E5A820234BC96 --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3013A61F0788EE64F7E155646AA6B19B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3013A61F0788EE64F7E155646AA6B19B --renderer-client-id=6 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E9567B572C286DBB7C5A294296671916 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
918a2215e8cc29d5c577ec7a46641dc4

SHA1
26af523af4ac62230b0f54e4e83f38229461801a

SHA256
f92e41dcc0a2555c26c5bd0f751d2c39abb0788615bd44da55da76e8bed43628

SHA512
2ce091e6ad3bf829cedf57b7e6469f08fd8f510a21899816ca5050d62e9d2957681f23e75ae2508da05852df9630b155989f93ed5e77a7df672aa91dbf0693e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
432694815e93b6aaa49d3deaa731f604

SHA1
27f54303f40fdec35a3d2d8cb3ce75b644adcf3d

SHA256
4cf27c596570afdcab2b6009adea80a24d88488041484c3d75199b370fa1460d

SHA512
d452f957fd1c0645f9e7177157df171eda8af68a5a7e326a2c65678e49f7b49d3b89bbbc19c2bf8ee69c10a54b97a52c97200750e2b858a2fbcfd8c648951c16

Download Submit