3319386760d4c1596cc54efdfdc055d69b794d3bd62ce9bfa345e044f0858d17

Analysis

max time kernel
93s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26e84f2a4baed68764aac566095ecaa5_JaffaCakes118.pdf
Size

40KB
MD5

26e84f2a4baed68764aac566095ecaa5
SHA1

0ee4e27ee880532c2824199c011db84c76ef9b58
SHA256

3319386760d4c1596cc54efdfdc055d69b794d3bd62ce9bfa345e044f0858d17
SHA512

8ac6e6f05dbffcf415287f7db0753dbb41c84dda25e6c2669a130f97f3ace5524a6e712e6cb3744cc1eb42d9d7ef253b4ec4a20093e2f7f26c11c8052ced09df
SSDEEP

768:hgGzpDWpa+SZ3aNP1NJWAP4Q5p3xUn3ZA/KHj4c+Tr6eI8juZbNMfSM5Eg:SGFipVA3qIAPtxSZGGdi+e7ujMfSM5Eg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4088	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4088	AcroRd32.exe
4088	AcroRd32.exe
4088	AcroRd32.exe
4088	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 3484	4088	AcroRd32.exe	83
PID 4088 wrote to memory of 3484	4088	AcroRd32.exe	83
PID 4088 wrote to memory of 3484	4088	AcroRd32.exe	83
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 3368	3484	RdrCEF.exe	84
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85
PID 3484 wrote to memory of 2988	3484	RdrCEF.exe	85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\26e84f2a4baed68764aac566095ecaa5_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=053567EA29F2F07AB9E624E93E4DF8AB --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B35BE8F8C1F34CBDCC0D444346D14BA4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B35BE8F8C1F34CBDCC0D444346D14BA4 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2988
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7FF5578D7F00549D5FDCE01D8FA16995 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E5ED6D450F1C95998428C4CE42B5C45 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4D79224CB6DBE8138E0A046AD8EFAA67 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4D79224CB6DBE8138E0A046AD8EFAA67 --renderer-client-id=6 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7DA9786DE7F33B49BE6D3DA28A283A9D --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
97d1b41721dc97dea94b632f92633fa5

SHA1
19fee87855d81c8e90b2426cbb56351e02d9233a

SHA256
a9b3ff31dcf7e934ba30f5c72d8e98efd58c33dfa29f87b138b363944df6baef

SHA512
2352072927c58c756995b6d4ff66ce379d0b0a76fc43515af4f4617708da811863fcd826a6e455fd00c56cd0aaa0f12e73a81893eaa2668365363d9552acdeb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0618e1b7312f227c967e78ccb73b1951

SHA1
6d392fcee9c631c54a5d4d650ff17d106ce372d5

SHA256
d4fbbe8edb75b7ef4a02620f9f36c31c3f5c3d8762e89e8fcd9b07b78d116d12

SHA512
0aa1b9482012940c9e9eb86b6dfcdb57a38ee85fc5503f92192751f5e83b476a3e1f59cfab8fcb2cd366c6af2227a35454c7e15182acc4719e3f5cccb272b3f9

Download Submit