7d409b9d1f1b09e2bdec791e0e9b66ed3cbd168576a5e8efdc4df4cbc1e38325

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b7e6b4cdf744ac633600e14043943e0_JaffaCakes118.pdf
Size

185KB
MD5

3b7e6b4cdf744ac633600e14043943e0
SHA1

cdf3d5c21f83a8f18bf4c43acb89246d2715c658
SHA256

7d409b9d1f1b09e2bdec791e0e9b66ed3cbd168576a5e8efdc4df4cbc1e38325
SHA512

97e1921334febe1a8470b188b9db5540970034620177708328ae64a6ed0ad7e4755b0e1be3a42c7c04b3a966c374eec9a4eec2b34832444f3f58e7859375d8dd
SSDEEP

3072:p2irbxzGAFYDMxud7fKg3dXVmbOn5uq6KjnnQ6bgTqPHOwv9ZskuSL:p2MKlWQ7Sg3d4bOLQSHOCF

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1768	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1768	AcroRd32.exe
1768	AcroRd32.exe
1768	AcroRd32.exe
1768	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 404	1768	AcroRd32.exe	87
PID 1768 wrote to memory of 404	1768	AcroRd32.exe	87
PID 1768 wrote to memory of 404	1768	AcroRd32.exe	87
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 2832	404	RdrCEF.exe	88
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89
PID 404 wrote to memory of 3360	404	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3b7e6b4cdf744ac633600e14043943e0_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D735C2655D4EA859C03F5446A484DEC4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=86347D5429203E93861087E7CA55F772 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=86347D5429203E93861087E7CA55F772 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB0FFD5D48F5CFDE3CD734EDE2E633C4 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F25C7D9135A622C8105C704A929E4387 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DF0A0AAB1EC94D255E9C94E2719D54E8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DF0A0AAB1EC94D255E9C94E2719D54E8 --renderer-client-id=6 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C2E36C0F1CC0DB4515FDA6BD7CD3423C --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
78768ba0873cf2796922587f5ab7c957

SHA1
f7ca8f0a3528975fca7a5fa62c9f2d50a69633f6

SHA256
04c2d7948b032ebe73d7f33605127a671562d1142c849e3c75d1010ad00f939a

SHA512
ee87ba64d6b1adc1ebed6c8dd0be6dd83911f275426bf3ccb4896c74f407ce0560bb99a2a2829e1b5f78579e013598ddedfb90d69b6e150df8c72d7d9d2f2972

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5235e4898a3db15440880425307bd2c2

SHA1
508e15ec8fdb8dffc71adcac5f13cb240ec2b2ec

SHA256
b56037f761bc828742c26a653e74fb15a028c8aaa122b77eedb6faa448bc0d50

SHA512
052f5f6ffbeb5b825a4ff7ff88cda216fc2c1b77cfa3c3e67e960083cd760b135cc133af0e5a3992acf70e21826850ddc5612ed8c7d090d6c70a8f12eedf324c

Download Submit