f06c43fc0d389dee8670acc66fea8a6dfa32eaca43f1afd601269fe8bfb5b5e6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2600c56f2c59149a648749140b0df39f_JaffaCakes118.pdf
Size

82KB
MD5

2600c56f2c59149a648749140b0df39f
SHA1

a1ae2ae9cb6e11c7c016dc70027e35b2b5a4e9da
SHA256

f06c43fc0d389dee8670acc66fea8a6dfa32eaca43f1afd601269fe8bfb5b5e6
SHA512

d5ea7ba928bc76fb7cab034e08719a85300a2145bea70106361ec3e13973b51a2c83d6243442e3cc66f7ff0a5a071147ac1eb878d1047ab32308b48e91ff4e0a
SSDEEP

1536:2GFge86LatcRoRJ3aAPoR92RFC37YL4l2DgE4c+Nkli/Q1n64sWRmmyUHWVeOGux:PFge86La2WoR92637Yq8gDc+mliQn64G

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4696	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4696	AcroRd32.exe
4696	AcroRd32.exe
4696	AcroRd32.exe
4696	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 1332	4696	AcroRd32.exe	82
PID 4696 wrote to memory of 1332	4696	AcroRd32.exe	82
PID 4696 wrote to memory of 1332	4696	AcroRd32.exe	82
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 1148	1332	RdrCEF.exe	83
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84
PID 1332 wrote to memory of 548	1332	RdrCEF.exe	84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2600c56f2c59149a648749140b0df39f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F2F3A29760D8A9A6D3957CE810D86339 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1148
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15AB2CC49DB884C09FF2CBB2983E4969 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15AB2CC49DB884C09FF2CBB2983E4969 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6678DE3DBA9E70AE809390B11E7A3438 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F5872E4EA7C825D721C908ED2D6036C4 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4064
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=021806F8469F4AED8A7F96F5E99EC750 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2868
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F9C81A7CB8E8A9D1269EC01572185AE8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F9C81A7CB8E8A9D1269EC01572185AE8 --renderer-client-id=7 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c928e827294bc0562261a4e2658fbbe2

SHA1
e33b4d47a19bc7f6b09b1a22b763b3ea206c1158

SHA256
33fa5cfb1925e41d7816722a4285e06ddd4a1c82bbdc6c649ec3c1ac6f3f3851

SHA512
16d12316d5f8fa68df51dba136097a12acf242b54f0140a3c431d34d2724ee011c4f0c1dc62aec7bec0f39732688739acd7e219e83ae75522684f46646ab90d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b7be34fbc8d5a597b0db2f011631bd4f

SHA1
a7fbe98cbebf535b3a66b967c77ecfa8ef100d19

SHA256
3a9cf00e4e2bb9f939a25bfbdc2b01964eea9637a0561c76ee878b9cac078210

SHA512
aaf7c90d6ae2cbcbad0d2bb3756de51c48dea94af2fe333ca668ca55411eceadda2c103eb16567d090fe4ebe76eadc0ee8d2a88deb7054be55152d93af0209d5

Download Submit