c1bfbef6230d3339906bf8103e49a9bb95e30af9c66bf0153c4def0e82686978

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 09:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33f4e4e0ca295dba9fd2ea18b38cdd2a_JaffaCakes118.pdf
Size

49KB
MD5

33f4e4e0ca295dba9fd2ea18b38cdd2a
SHA1

bffe56a8c4cd48334d6121eab92034e208d0c4e0
SHA256

c1bfbef6230d3339906bf8103e49a9bb95e30af9c66bf0153c4def0e82686978
SHA512

f68c22df99923c55624164ef32dd947b672576724ef4ad57fd1ec143a652ad12f88d59737ffc2a381456c960aec081ccd723c07b8369e28277390985b87413a0
SSDEEP

768:cgGzpD4pJWMmfoP4f34cA+0hBkZYceSPpufL2UtdaCc3kD89/x+Q5nPXUQ+iGkvE:5GFkp/IApwZYMBx32K/xhNfXKMqAr+/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2320	AcroRd32.exe
2320	AcroRd32.exe
2320	AcroRd32.exe
2320	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2812	2320	AcroRd32.exe	88
PID 2320 wrote to memory of 2812	2320	AcroRd32.exe	88
PID 2320 wrote to memory of 2812	2320	AcroRd32.exe	88
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 4956	2812	RdrCEF.exe	89
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90
PID 2812 wrote to memory of 2600	2812	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\33f4e4e0ca295dba9fd2ea18b38cdd2a_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18E03A3BBB03AC76BEB0B8457D3BD1DC --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E01AA290A9748280CA6EDB323965331F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E01AA290A9748280CA6EDB323965331F --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2600
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4071517E35AA57EE6A4336872D398608 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8403832B7EA3ACE0E607C7B1F1301B14 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8403832B7EA3ACE0E607C7B1F1301B14 --renderer-client-id=5 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3760
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A291CE9213AF24E9A7755D52BD215FE8 --mojo-platform-channel-handle=2592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3916
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE569DD50B2F0BA9CAD6E886A9D58C67 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7c2b1873fb297293b85cdf1f776c9b2a

SHA1
cd6d8d9ba1ed35ce090430e9f8447170de91f964

SHA256
4721c4546d7a78648f2899225b8376768eafcabe5d9d69906d701d945a95e60a

SHA512
17f05767ac37e739bbd9790354591f9ba5320095fc4f4ccebe2f4778906b58d4a2ae02ace1f36f254f24ccb7e0f2d34924e98dd44c347a311c72d58a37d767eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
2964aa1147ccd4120efbe4d6d3c89083

SHA1
98f952a5146c0c650d02fb9e4e3095202b2126cc

SHA256
455d6326db6cdbae0f25de58906471d4ee16eb91469b64afda76dca33cdcc640

SHA512
b753019569eb625e277f46972e3ef9af08bc0b326e19116e91fbce18408014a404fd2804b94ebffd8ea3aed0f804746aea53e28f0fd945931d6de8cca33badad

Download Submit