b41a01a16b1d1319bc6bdbdfbe9fa5e86ca7204fa618b35d03076f766f471369

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf
Size

30KB
MD5

46b2350ea7a7dd2941673f6ef2573ad6
SHA1

bb5cc38d414e47c7a005550a7ab7eb022bcb0bd3
SHA256

b41a01a16b1d1319bc6bdbdfbe9fa5e86ca7204fa618b35d03076f766f471369
SHA512

d6505336912e1fddc12f93120bb04677789ee17f206aa7b1b2b516883f0dde9ed5d6f945e4f3fa680f79547db7c8d39872330e4351181530f636df61007b9171
SSDEEP

384:3/QON8MUG6Qgw0JZCTzz02YFnarX5WDcBy0KsjP42Lbfv30bZ2amQg/RCUSvLeg6:3XuMZmwgCLWarRk2Lzv21JwIymO9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2024	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2024	AcroRd32.exe
2024	AcroRd32.exe
2024	AcroRd32.exe
2024	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3660	2024	AcroRd32.exe	88
PID 2024 wrote to memory of 3660	2024	AcroRd32.exe	88
PID 2024 wrote to memory of 3660	2024	AcroRd32.exe	88
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4696	3660	RdrCEF.exe	89
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90
PID 3660 wrote to memory of 4072	3660	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\46b2350ea7a7dd2941673f6ef2573ad6_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=03111EADF0358E3212205D526A4071B5 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B49CD36DF1DC4D42C6055757A7559F8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B49CD36DF1DC4D42C6055757A7559F8 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4072
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A959A6483577A45C4ED8BA20F3EFE864 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2104
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=64EDF2B11C3A75A85B62F5E9DF1F158D --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:740
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D9D87AAC7D4D28DE53B6722F920E2CE1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D9D87AAC7D4D28DE53B6722F920E2CE1 --renderer-client-id=6 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=90F13B4DEED9FBD08B5F2BF8C9137B92 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
280b3b7e3dbb55e95b621134135735c2

SHA1
e2a5da45d5b408ee8e52f64491a229d0a1411b50

SHA256
3c658e604bc03ead8d39ccca0696bf48360f3c48000b939eacbc83af7ebcb74d

SHA512
92d2a8ae4b5a7b51efdf20fe7fe945e14574c4c68ccf520096c06edb506b4239aaaf0e84365fdc7c76659f50a8b09cf1ea6790ac05f1663f1aacc256523dc5b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c920e26bade5cdaa2cbc25ac200ab910

SHA1
6ae559b04e0203affbed6062f635fa0e92893309

SHA256
841892be4cdfb9ef0b2522ac86944428d8de72840235d401257019dc9e54e7cf

SHA512
084a5b1779e2ab29f5ece2d9caa8d6ef69cadd8003cc0e1f0e018b59c73ead88579b5dbd37608483f28d1377bd5bfa811f711c6735da5689a13745af00cfa961

Download Submit