c050966aff30b787f085114e540157a996654095bff09e03387713b01d397ce0

Analysis

max time kernel
141s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49420b2da8ab65a755dfb0601992dbfc_JaffaCakes118.pdf
Size

46KB
MD5

49420b2da8ab65a755dfb0601992dbfc
SHA1

b38baeb881a9aa2a90c0cf1e642e774631491ed2
SHA256

c050966aff30b787f085114e540157a996654095bff09e03387713b01d397ce0
SHA512

675198188445a58293aa56a6d015a1aff57abe04a852ad0288b333608c6eb8a977b7d427c8849454e63502f8fb3283e96a6559bf047c559a665b1db6034a0f68
SSDEEP

768:RyfaTqGhAF6Jwsyt7EA2wFZbbEaV9OrLTP/elZlqIjhc9dBR8OE5TXuMZmwgCLWI:RchGhAcWsyt7tXFBEaV9WLTP/elZlqIL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2784	AcroRd32.exe
2784	AcroRd32.exe
2784	AcroRd32.exe
2784	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 4880	2784	AcroRd32.exe	92
PID 2784 wrote to memory of 4880	2784	AcroRd32.exe	92
PID 2784 wrote to memory of 4880	2784	AcroRd32.exe	92
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 4444	4880	RdrCEF.exe	93
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94
PID 4880 wrote to memory of 1040	4880	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\49420b2da8ab65a755dfb0601992dbfc_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4880
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F303A7CEED5B07E7897B599716C3307A --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4444
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D15FFE605AB4B4E969271E9CC38C3714 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D15FFE605AB4B4E969271E9CC38C3714 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DFE64F1DF32F6C7D19BA269412B5A11 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1AC30D2F653FD7DFAE4A2D52669F85EA --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4028
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=16584F7EC3D4FE796CEE23E1031A814C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=16584F7EC3D4FE796CEE23E1031A814C --renderer-client-id=6 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=53E29559C26CBE9E81B6F4C6321712AB --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5468803cb117d6612bfa149d1f4b5ce2

SHA1
3683b6f6d03acd9588d154a7311db783977b3756

SHA256
1a1f403b1b89937de9230df3f781de20686aee1d40912c92dc19e5ab656b3000

SHA512
8042eb46cda9ef935acbb0ff30a66647c391d00c18c448df04f724b930676a206210d212582560d1b31b5d07575f79531a3deffefc72a4d2e1c414e1cffe15d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
89204096b165ac16597e3547519f63fd

SHA1
1a42ac2a8a3e20213fe36b77a8e65ecb932a70c2

SHA256
de322d056b672a5d20a280379b26943a003b01e8a5e2b9f26d9af26c5cf5ffd9

SHA512
9810e5c56ed411b6136b8b0fc4987364b835c670fc7e154a13a397d45195e70b1ef4350b78d91c46ff61b627ba3ff58e33c07e30ad70f7ed0d5bdd79b4e9b724

Download Submit