7413600422666324ffd9d6850a229beb0c2d660cc3f97767e58303c285ff20cb

Analysis

max time kernel
97s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30fb243ac7b86268485f5e4e0ab2c459_JaffaCakes118.pdf
Size

45KB
MD5

30fb243ac7b86268485f5e4e0ab2c459
SHA1

23482e9ce947a6578e7a98765e337415457678a6
SHA256

7413600422666324ffd9d6850a229beb0c2d660cc3f97767e58303c285ff20cb
SHA512

4718823f343d796b0a8b70e9bb934f4041e3d8cb8c1502bf4fac0e09aa1161b92b40377aab9ef56524494dadb037bc19773f8932b85a2ef13efe62b2b47b064a
SSDEEP

768:ugGzpDfpHB1VnSCj2ycZkWSpUgYutY6g4gPr7Rqji6NPEln6+v3WFsGQL8CZjD:LGFLpLyycGWSpUGtYX4Qlhlf3WWv8CZ/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5072	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5072	AcroRd32.exe
5072	AcroRd32.exe
5072	AcroRd32.exe
5072	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 1744	5072	AcroRd32.exe	87
PID 5072 wrote to memory of 1744	5072	AcroRd32.exe	87
PID 5072 wrote to memory of 1744	5072	AcroRd32.exe	87
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 4884	1744	RdrCEF.exe	88
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89
PID 1744 wrote to memory of 2472	1744	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\30fb243ac7b86268485f5e4e0ab2c459_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0A904975CC2A9183B471C8478172862 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EA58A51059B8D8583F28C094300FEF98 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EA58A51059B8D8583F28C094300FEF98 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC2DDC7604F16409ADD38D78B1345E4E --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1768
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4FBB5826A973E5179AE4FFD2A9D52368 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:60
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C84DFD3E7E7FB2ABAED0884A6E931860 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C84DFD3E7E7FB2ABAED0884A6E931860 --renderer-client-id=6 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3160
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BE479DD123993EADB910500E0B8E3DFD --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e2742b0170b8a727f6e9ba8d1478b982

SHA1
966749d8d5a69c84f524b80a5f61f5dffd54e679

SHA256
fe8d7f29ca32054aa7f4e95622a5590841d1e404f584cee17d3ba3e496939b09

SHA512
4449eb8c3846026bd51a516c627a2d58638cce5622c927481eacd167904458494a2e62d309a6cc9184871412f1ab9034b8c7b775a132d35a0a30aba574d203f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0e8d444333d5a66eb64fdc7fee667896

SHA1
d7df4e4fb42d532b54cd2c8eb474457eee32b3f0

SHA256
0f72356ba39d7e9d75111e6c3269edb13753815cf63d716bc52030c9dfef6359

SHA512
524c0fbd012d1a97c662ceb72bc4697a3b7491a673b8e96c9a4d674cd1ca580b731c6aee0487211429678265df4986505e0afd9bf4cfa68c7b0c49a79261eb0e

Download Submit