80460b1e003fdab3c9c1c347e8c480073c483214e6b09077cce32beb6e4df11f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2dc727e75ebe2ba0701129a0dacdaa43_JaffaCakes118.pdf
Size

17KB
MD5

2dc727e75ebe2ba0701129a0dacdaa43
SHA1

6cba3fec5f46b0393f42a1eeae7a5690679eda7f
SHA256

80460b1e003fdab3c9c1c347e8c480073c483214e6b09077cce32beb6e4df11f
SHA512

259e2d3e177ea99833fe342a13a925534be27a3f8567fcf903f16edb74d4a32eef03949d857740e9cd539513b8f3d6593692a9b7119f11d33b990a7df2e66216
SSDEEP

384:VzNwahz1Wu9u5z+kiN416LLYFGOo8Qd6HHQeGKMSCnRXkNj68fQl9ymcOcd:VzNwahz1WD1+kiN26LLYFGOo8QdqHQeZ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3388	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3388	AcroRd32.exe
3388	AcroRd32.exe
3388	AcroRd32.exe
3388	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 5008	3388	AcroRd32.exe	87
PID 3388 wrote to memory of 5008	3388	AcroRd32.exe	87
PID 3388 wrote to memory of 5008	3388	AcroRd32.exe	87
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 1816	5008	RdrCEF.exe	88
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89
PID 5008 wrote to memory of 4728	5008	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2dc727e75ebe2ba0701129a0dacdaa43_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=27F627AE4E8186E19DF19297A1D31F53 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D3AF297D0BD440073D8C30A6A374CB65 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D3AF297D0BD440073D8C30A6A374CB65 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8655D9DFD790B81EA895980A2A25C2FB --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1036
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5897AA729323EA4269374049E7A56D46 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=399B3830AD33B96F5E553D3EA133498B --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B0FB9E17653B898E23C945986D529EA6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B0FB9E17653B898E23C945986D529EA6 --renderer-client-id=7 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
27447ece3b3a051ffe06bdbfde7fabcf

SHA1
ac9b6042de75e7f5a90c4e58f860804ce4377531

SHA256
5d6d0b2b1e5ad4eaee5443e464feb2cd8b7f9bb714a04da9d6eb546e6bd01621

SHA512
722dc1de80d44dded8464dd42abfddfcddb937fa3822208e204dd178fc2a7d7851e2178a25fc719d18eff112833e22506e15f347226b5672062439aa2adacf0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c22129049fc66f1d340be830af64d7e2

SHA1
4996a3d188daa3b935c52cca265c2f0df6c1a872

SHA256
74453cf4905ae37889620eecc3f797c7d920269def8ea0f1656d6f072318a22e

SHA512
ff5a8f893793c6736dc002a4da822e8c9ad1b77aa3a3e318b35f34315102961c2f047bcbe392eb505d3367ee8fb842d6e0bc175a98d43491029b176e76fe0611

Download Submit