3e6ad4fd4afdfa90b97c9cafe032a59ceccb66832a36aec34ed11f4cd817641a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

351b84b241ec2f7c3b703a51473c9000_JaffaCakes118.pdf
Size

45KB
MD5

351b84b241ec2f7c3b703a51473c9000
SHA1

e6030c7961b475f5d4abda1a4e9ec3040e430d84
SHA256

3e6ad4fd4afdfa90b97c9cafe032a59ceccb66832a36aec34ed11f4cd817641a
SHA512

bc6c90c3c9ba9c20acf7e69af5406ed9563e711a265afc7d53efefb454a7b4fec9b54814384e9bf0eac6158e747d548be1e110fbd7779bc58dedaf0caf9f3683
SSDEEP

768:KgGzpDmeEg46AnUZmAwMmv1r2QaL6QjyoXuN7/owDVdG0YM1T/T0kbhe5ytZU2Bn:XGFKePmQxuND5rYYrTDNeiZU2Bo0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1148	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1148	AcroRd32.exe
1148	AcroRd32.exe
1148	AcroRd32.exe
1148	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 868	1148	AcroRd32.exe	88
PID 1148 wrote to memory of 868	1148	AcroRd32.exe	88
PID 1148 wrote to memory of 868	1148	AcroRd32.exe	88
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 2424	868	RdrCEF.exe	89
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90
PID 868 wrote to memory of 4976	868	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\351b84b241ec2f7c3b703a51473c9000_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:868
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=058C4B38D0DD7DB52DF1CAD686179C93 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C87899ABAFAEB26A2D5109BA5E49C630 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C87899ABAFAEB26A2D5109BA5E49C630 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=63D58795BE684FB1C91AB5C437AFD7DE --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9170FE8083638C1972EE62B9D414DAF7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9170FE8083638C1972EE62B9D414DAF7 --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=33A0439618B3F288999E52EA3A4EE818 --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2380
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22DB08A0AB95431B8AEE3CBF65EA9A1F --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b93c45c1178eaad5a13bead39a2c4e70

SHA1
78723d771bdc372fa88510f874bb79faf634c189

SHA256
d1936e2caf43dda20707af17d75899d80682e4d343942e8926f332037c6db03e

SHA512
996bb075028dd9472870404d53faf8e483e2e2f32cc4df1764c122c16c23a90226337e8eddefe1986ff798be9f37496b9cc29d2ac35378b37ac59e2be4f75b39

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5f5fd355d5a13e9231878b4ff008fe83

SHA1
462668db165271f17ee36c2e9df5bc0189cd06c8

SHA256
31e62687123bdf0019ebcf4eccf7e06abe230990f18293b41210b86d5f756ab5

SHA512
95c54bfeb3a8238e9ac7e2681330a602367004b50bd18eda9856b497163363d2604e36a8a6ec8e22963fca7bfdbde296c75a3d72e1ee58a2be860613413b34b5

Download Submit