4043fd7372acb6d31d540b2e06f4036e7d5cc9994804dc496e7542e3912eec54

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 01:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

279300e45568f6d41667bbebdd8dc27a_JaffaCakes118.pdf
Size

40KB
MD5

279300e45568f6d41667bbebdd8dc27a
SHA1

2577be7570f0763a9c88b68c9b1edd1b5ea0eef3
SHA256

4043fd7372acb6d31d540b2e06f4036e7d5cc9994804dc496e7542e3912eec54
SHA512

19437554c5ac6a2f27d14fe9be54df93d38efc8c5bc1fb95d18aaea7f6db1ae78f1ea30278b2cf3a687e92e5fbf11387f5081e0663040786f15452b62bd28cd8
SSDEEP

768:sXuMZmwgCLWarc0Q0fZm5URAmBb8OPUUJohwjm2oeICtt80nGLmk8b0:sXFZmGWSQCnCi9MUOkm2Zj+0cmk8b0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3476	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3476	AcroRd32.exe
3476	AcroRd32.exe
3476	AcroRd32.exe
3476	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 1840	3476	AcroRd32.exe	83
PID 3476 wrote to memory of 1840	3476	AcroRd32.exe	83
PID 3476 wrote to memory of 1840	3476	AcroRd32.exe	83
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 884	1840	RdrCEF.exe	84
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85
PID 1840 wrote to memory of 4908	1840	RdrCEF.exe	85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\279300e45568f6d41667bbebdd8dc27a_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=82A2A654C764B2DAFF77EA39A78D1F26 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=440136F2AC99F41832E79723DDBB485C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=440136F2AC99F41832E79723DDBB485C --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E872516E28296B561A4677797D7CCC4E --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7F699381F4C8626A9E2E5BBCFFFE0916 --mojo-platform-channel-handle=1816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=78346CFE53DD820F93DB7ECDCCCEF818 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1156
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6ABC437DAA14868CBC1C133E70C77628 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6ABC437DAA14868CBC1C133E70C77628 --renderer-client-id=7 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1f9bb30c51f36c45a42a70adb2a4c5c7

SHA1
ebedefca4d183da93217af22ee76208b2ec4bdf9

SHA256
d9a88701cb71419693cc502630bbfeb460ce641d7ed0cc3ccf01015b3859838e

SHA512
bec45c514b7b201e540b5176b559ce6ec9d45105e0f3340846fbc73928e555d50c31445bf9d301feb15d90fc11e8dbace162bb1da25c9d13187d5856a224b762

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
714db23727d6cacb508de4083cdade65

SHA1
59b21003a61ee365e6dbe906c36a896eaa8b832f

SHA256
3fb55b420db6bbc8a73fa5fed6a1678856a4cfd79b5db3a74c6d7197baaa1d27

SHA512
7e1be2d507f2862aac557617a6d6884965bd1862701c531225b1e03f574ea807186a726740cd2badd61d7516b4d568488a7e19475d6e2eef9d29337422f7bc7a

Download Submit