75a9b9454e853a6cf6915d3f0612f8f7bd0111175fe074c261e914d1203eabaf

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

261171433135b952e426182317a6d1fa_JaffaCakes118.pdf
Size

45KB
MD5

261171433135b952e426182317a6d1fa
SHA1

6d2f5492e4cf0d5a60bd165d9bd249cfbff91cb4
SHA256

75a9b9454e853a6cf6915d3f0612f8f7bd0111175fe074c261e914d1203eabaf
SHA512

6c034d84975647f2c8ea9847e44fc8de308973a72f7468ec98ccb16c0585ed3143da47988da22d9fac026da79f28ab0d86a2bdb460504908bec641d4cc04f47b
SSDEEP

768:LgGzpDPeQjUi2N8AOniDKl3GrznZUwiu63Z4G77fei5fxex8yEtQb3LrjRAPl5FN:0GFTeO8UwiDyEf15fxpylb3LrglXf1jP

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
536	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
536	AcroRd32.exe
536	AcroRd32.exe
536	AcroRd32.exe
536	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 1076	536	AcroRd32.exe	83
PID 536 wrote to memory of 1076	536	AcroRd32.exe	83
PID 536 wrote to memory of 1076	536	AcroRd32.exe	83
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1084	1076	RdrCEF.exe	84
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85
PID 1076 wrote to memory of 1232	1076	RdrCEF.exe	85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\261171433135b952e426182317a6d1fa_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:536
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D77553CBCF4B1658C257445616032524 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5C76CD13C9D9EA8ED3C711912948CD5F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5C76CD13C9D9EA8ED3C711912948CD5F --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FFFB8DEFE72D1854AE8F29BBF26420D8 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A7793FFC8BC34CFD8B4892ECA7C993B8 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4484
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DD81916679426AC21D189AF435326BD8 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3596BBB87D5705B20AD28166646AE9DD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3596BBB87D5705B20AD28166646AE9DD --renderer-client-id=7 --mojo-platform-channel-handle=1892 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
889fd4073bdd9d5b03af977e4d939f2f

SHA1
57b806b4bb1b3a451ed1059574ab622b4d408c76

SHA256
48f8f641a1e1afa4c70ed5fb00e74aa32d412aa0a0c6fbafb5824631230d0c1a

SHA512
89de6535a862c0c312311edd590d84619d9cc6402fc347c6492cd82b5bf44febdad344ba73cda8d46c2427eb58af88a72b9610d00740f21a65a1610ee4a8f4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
41416c81907338343bc3d4a3708fb33c

SHA1
4c1f77f602451f57767e91e8de32f2996b358866

SHA256
cc3ddf0e5ee5c49c6a915f483d2eed914d6b7f0abc244dd08f1d742fb1b344f9

SHA512
a0f460070df99b1d80937d7c644675368f3491dbcdb916a66bddb6b519e7ad1185e7c4cc8598aa26fca272b7641dce586db9b810de3e360710345086b8b7d58b

Download Submit