a540ee3ff44ebaeabd399c526dd9d2ab13e1ee8bc51036ba3a291ccd4612fc8f

Analysis

max time kernel
91s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2819b3c811144de5ea299e2c66797b79_JaffaCakes118.pdf
Size

55KB
MD5

2819b3c811144de5ea299e2c66797b79
SHA1

76a19d4275df6caf0cd6ebbc0f3914a25109eb3e
SHA256

a540ee3ff44ebaeabd399c526dd9d2ab13e1ee8bc51036ba3a291ccd4612fc8f
SHA512

65059e940799be4ca5d2968e2a4731798fd8f3c147db90e189c1c9700d6f5f9f260d73b487dacaf183b76b34dc23a92cf4c1e6742c1d110f8925c314b8cf2357
SSDEEP

1536:7VVGB7ClPQGJmtuVDQcaIFe2FJVbk1iNrM+uPhRK2irpmpSopyu0qATXFZmGWSi/:bGtWM427I5nhwiNQ+uPhRKDrpapyu0qd

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
872	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
872	AcroRd32.exe
872	AcroRd32.exe
872	AcroRd32.exe
872	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3980	872	AcroRd32.exe	82
PID 872 wrote to memory of 3980	872	AcroRd32.exe	82
PID 872 wrote to memory of 3980	872	AcroRd32.exe	82
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 4244	3980	RdrCEF.exe	83
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84
PID 3980 wrote to memory of 3024	3980	RdrCEF.exe	84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2819b3c811144de5ea299e2c66797b79_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=435F293524C60B261F882CC7CC2291CB --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4244
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A08E3EB33AE296C201BAD89F06B81482 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A08E3EB33AE296C201BAD89F06B81482 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3024
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=10F95B8E9E8269DDFEA224670321573A --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:688
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B456844396EBDB333D64E45A9E34A19B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B456844396EBDB333D64E45A9E34A19B --renderer-client-id=5 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:732
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B5A799F6010491E8D5397638C8407DE --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B188DD972EEE51541AA6DA456402E03 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ca1633eea2b6c76c6203d912b23e65dc

SHA1
67d1f36176f68a3040dea5288d716c3a3f94265b

SHA256
280eb3ee4dbca0f0a90ae69634fe9884580fe4bc13171b0cce3f610deace5b42

SHA512
08f8cefd30334d335d68cd781130e825c2d6ca3a1b478bf0be2716e0814540812a8b67023706aa972ad7711f1bfcecddfd309e5536373eca1540d31a303f783d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
406e24ae9562671bfac1461b781dab7c

SHA1
00b8718a5e81b41b64b6d09f0d5f4b1682056d5c

SHA256
1be9053e10be4535b21a5dec9e12e2790191f63c1efbe121660db79ceacc2850

SHA512
ea1095b90676625ee26592e320b877f101faa10a93c9bf855b9cfdf3a02760ca5499647490e85ec86f605ab5ac0a1a789fb8e86621de10287850043f2372a39b

Download Submit