c232fc54a9fbec6ba258bb0779aeaca19e880f5283064fc598ffe54af7dc5f24

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

394080009a6012d2f5329392c8179cd5_JaffaCakes118.pdf
Size

62KB
MD5

394080009a6012d2f5329392c8179cd5
SHA1

5306b6fc9c5972dd0232aa6b4e78107feedea0bf
SHA256

c232fc54a9fbec6ba258bb0779aeaca19e880f5283064fc598ffe54af7dc5f24
SHA512

90150c63e1881a9041541096ab3177a91068321762c68dc2fe1c1c1fec0de372bec874ce55fe74dc009393ac3e7230f3682d40ad3f8632e54c9276a937ca9a5b
SSDEEP

1536:jGFVE4Hj2r5b5gTQ40Xj2dJBQz9wpaSVccdvcrD6leNyO:yFVEaj2Vw0XMBzpaFkvcr/V

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3448	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3448	AcroRd32.exe
3448	AcroRd32.exe
3448	AcroRd32.exe
3448	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4216	3448	AcroRd32.exe	86
PID 3448 wrote to memory of 4216	3448	AcroRd32.exe	86
PID 3448 wrote to memory of 4216	3448	AcroRd32.exe	86
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 5100	4216	RdrCEF.exe	89
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90
PID 4216 wrote to memory of 3692	4216	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\394080009a6012d2f5329392c8179cd5_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3FFCC34A091B76EE85039326775760CB --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DAECE8D39DDC3EF3A2639D79C21E9D54 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DAECE8D39DDC3EF3A2639D79C21E9D54 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EF1837AF82AAE16E84B050486C60BF2 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3712
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E360A270434E0FCBD2252AC3EFF0F8A7 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3068
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B909EB86DADA1E034126DC26743D4661 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=617E6D43E72026206A25077EE3F7FAC8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=617E6D43E72026206A25077EE3F7FAC8 --renderer-client-id=7 --mojo-platform-channel-handle=2468 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e824ec0161328f0de7f5d67f7746d30f

SHA1
4c13c3417b2481e7c0342338520498674756b1dc

SHA256
8710fe8d8ff3f3aa639dbbf97b392d35a20a86ee32ebb69223be970b41946d74

SHA512
e45aed6fbf6f16df33861ecd385ccd64524472f9a3f37da7fc4f2fe963525a4df633316eb69855bc2d294a69095fa2eeba4e95a6aadd41bde8fac82536d30105

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c8d3b6ee5fa929babb66a5458575cc9b

SHA1
a5428627a818d37c02670e7dbd18951d62abae96

SHA256
70fca1a58b49e79f669333c0e50e59c6f1d94db190207da3836d1fbb783b9156

SHA512
8c974d992ef62671a13ef907ba469c2fa5582d5ca0ed9f472ee381b101b95a0554580445be659a3cc30d1bac4ef18fbc62d241618d4ba92f04178b57c4cc4aa2

Download Submit