88d750c60b419f9fbaaf83dbb2beb5a2db55da688deeb854e6adb12686f49dff

Analysis

max time kernel
140s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b6812983414b5b40ee36f517cdc9d75_JaffaCakes118.pdf
Size

40KB
MD5

4b6812983414b5b40ee36f517cdc9d75
SHA1

95a7255578e85fbd0703d2492c9ec73a3a394770
SHA256

88d750c60b419f9fbaaf83dbb2beb5a2db55da688deeb854e6adb12686f49dff
SHA512

d668edff7b8495363ea59b7e2453d996d30da73de31ebf4441aa66b10d672b6e324952ea3443964cdc3de5b0b97f5a8fb3a5d66789a22efbdcc90aef4ab2f117
SSDEEP

768:LgGzpD1pIJyyh0vkixvkArFqTUL2vlBcHerHQCdYemi7ir4Uvehnhi7kY:0GFZpIA2SI1xmiurDmhnhi7kY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4036	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4036	AcroRd32.exe
4036	AcroRd32.exe
4036	AcroRd32.exe
4036	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 1556	4036	AcroRd32.exe	92
PID 4036 wrote to memory of 1556	4036	AcroRd32.exe	92
PID 4036 wrote to memory of 1556	4036	AcroRd32.exe	92
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 4880	1556	RdrCEF.exe	93
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94
PID 1556 wrote to memory of 3224	1556	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4b6812983414b5b40ee36f517cdc9d75_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2ECC3A1924FAE9ED89E1486048496A8D --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4880
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C5141234DAA38E585B859ABDC5482D2D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C5141234DAA38E585B859ABDC5482D2D --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B5580B326A155654A67C135A7B11BB21 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CE8D9FA4A92689AE88AEA5F9A88F0996 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C5E0F9876F6EDB297E630A6AC4FF2F95 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C5E0F9876F6EDB297E630A6AC4FF2F95 --renderer-client-id=6 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4768
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=596B5A993E2CE0E71DD7AB1B51E0B2E1 --mojo-platform-channel-handle=2536 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d592e99f78123158f8f1bcec431c5e18

SHA1
950e68486d80c8fb992af3c5881dd01b701f5a18

SHA256
4d2bc093fb5977870734d766e51e850805c8fda4a9f9811702de4baa46a78768

SHA512
902dfe196c6d30082e757cc17ab086cdba593d94c421c9ee1f11d627b7450a12fd6e58cf9acbab7d56b411735b1b87caeaba6cab562972d5f9a9d8347ebc451e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
018bfb8829ecb52cd9a44b3981535d58

SHA1
1fd73dcf331cd212b46e94f6d18bc1c2fbc4cbf4

SHA256
9ec781e05fa1f5090a1393aed08fd93436640675e807d75f5cc5e3ee672407fd

SHA512
5682f5dfe5a1a53a07eafbb032dece336d3b4b0afd10cf2954375df7f1b1da0de38a1df1f6f7285ab5ac99517db4f7372c0c1f911e836830bb43f78653b7653e

Download Submit