95b2b0018606fdbd5405caf36a8cadd193e8e26e3305c817d6e9ab3c9943252f

Analysis

max time kernel
94s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 09:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4595a873dbfb08959c7574fe35b39af7_JaffaCakes118.pdf
Size

38KB
MD5

4595a873dbfb08959c7574fe35b39af7
SHA1

d9851fcf590687914fbc9102c03d3c895d5cf176
SHA256

95b2b0018606fdbd5405caf36a8cadd193e8e26e3305c817d6e9ab3c9943252f
SHA512

c6ffb17a9a9efa040fbf821871ae7fd1cca1dcaf73ca58e4fbbb0761e3563cb1f529ed953797099769ba5baa310d2651c8949976c58a01caa0b24c70991c06aa
SSDEEP

768:DD7anDIGPknD6XV7uHSx3EAETLJQuKsNduijaYSVOGSULB0OQ2QENjfHSL0xGUph:+nDzNbrj

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2512	AcroRd32.exe
2512	AcroRd32.exe
2512	AcroRd32.exe
2512	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2128	2512	AcroRd32.exe	84
PID 2512 wrote to memory of 2128	2512	AcroRd32.exe	84
PID 2512 wrote to memory of 2128	2512	AcroRd32.exe	84
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3692	2128	RdrCEF.exe	85
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86
PID 2128 wrote to memory of 3864	2128	RdrCEF.exe	86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4595a873dbfb08959c7574fe35b39af7_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=497C8283F7F781A93BEFF8122F947CBF --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ED966FDD5636096D47D716A862E5A194 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ED966FDD5636096D47D716A862E5A194 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=41454C09FBF2CA6D2B276F3352882B03 --mojo-platform-channel-handle=2276 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5012
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9848651DBD0D89BDA256B4954E38774B --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3664
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8D1C56C1B0FD80083E9FD744BF890E6 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FDB89BFB6092BABC45AAF9B0F01D3117 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FDB89BFB6092BABC45AAF9B0F01D3117 --renderer-client-id=7 --mojo-platform-channel-handle=2576 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
78fc27f3787f0c4fb7059c7b2337320b

SHA1
38b2602ad232bd4f3ee66e6a4893246eed43e8be

SHA256
5a3a7e1fb7cf8182d1ac9332b14e41bc32e5d3d4981e4c78b4099dd7ed60674e

SHA512
f3cf59825b4dc2d2e22148aa5911bd8a31f7eb8756e96bf0e801473af35e2af767c100a9b9e91de6c0a75c572ff463878d4b7d9f74de2038f6693692cadd2eaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f1b42fb8db96984e6f35582486cf2764

SHA1
29e1ded08f79ceda224715330f65f054ff072115

SHA256
a6cbdcff6d1f309b9312689e52edb1a25e137b772045c5265e18a2b22a43f300

SHA512
440a9b81ab916c694bb5a36ed32f77a5cb79401a5a9248797f53a358de7f5533bccb0c129845e781c77e458b9bc578b3c6b98938297464acade7556e770bd1ea

Download Submit