7429e1a352d393dfedc3a2fb11d19ecee87ce8fa4ffe098d7b510db93e357296

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33dd46d3ccfbd0a6e0123f36252b1ba7_JaffaCakes118.pdf
Size

40KB
MD5

33dd46d3ccfbd0a6e0123f36252b1ba7
SHA1

6981e6204b8537d14034e12fcdebbe0a69b5ed13
SHA256

7429e1a352d393dfedc3a2fb11d19ecee87ce8fa4ffe098d7b510db93e357296
SHA512

cce7d2da7495659e8921af0d2580415f4926f4c5ec6f000bfe023328497330e5abdceed701a01eb2308883d3d9a69c7f8f93a820143d7c7f2c0c7c87ada8684f
SSDEEP

768:DXuMZmwgCLWarU3pVm1myX9noEe8SpkfFqm7iR7YVm4UO6zkDf+NConEwztUId+J:DXFZmGWSU3Xm3XRoJ8oQFqm7iR76mHOh

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4444	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4752	4444	AcroRd32.exe	90
PID 4444 wrote to memory of 4752	4444	AcroRd32.exe	90
PID 4444 wrote to memory of 4752	4444	AcroRd32.exe	90
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 1744	4752	RdrCEF.exe	91
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92
PID 4752 wrote to memory of 4544	4752	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\33dd46d3ccfbd0a6e0123f36252b1ba7_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3CECA7319F97B884B780C1D5EFE5F62 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=36FBDB03F2ADCA7DF032857A4BE89EB4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=36FBDB03F2ADCA7DF032857A4BE89EB4 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0AC5554576E39CA830213B494DF9136F --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1592
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F61C3F26CD7638D136ACA336FC24C3C0 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5E117236A320985D703D7ACE6701109E --mojo-platform-channel-handle=2380 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1180
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=62670FC1E00CD28B85572FEAA472D5DF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=62670FC1E00CD28B85572FEAA472D5DF --renderer-client-id=7 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1cd9e61a93fbbae05f67b30a547bdeb6

SHA1
8460572e44fd1fd47b75fb727c39f40b177f6bfe

SHA256
f0d426a4b122c6e3315c2205edf5643d4fd3ec608c61c4e22362506e4d51f97c

SHA512
90b5bd0bb4a10d8013d4699fb785d216e3c975ef88ce0ad8d602e10e8fff32413fe9e37d57d909e93f4aefafac06ccee7f894f9b36934c7c636f71d3ae1eed54

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
68375750e85abdf2abd9e5bf7798c133

SHA1
e0a7a913232797d6acaa2c6113869636ce81bc81

SHA256
9ffb0e2e7c9e6286455cb4bc13d7cdf3c7758ed0cb72aaa7a0823af90db61763

SHA512
e50b0bf61b2cb30ebe8a0dc181b648c46ad6b24e15a70429f9e43533ac180de42b601c681d6a8e2f7b5036b298ee07b6fe7fb00e3ce1c2ba51fb5dcfda59fcc2

Download Submit