fa43469068ee6c9bfc8a4c701f1557f3b30cf369445f832e890ecd61d3c98180

Analysis

max time kernel
139s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c6e9c548d3aefa2ec6e19655897b3ab_JaffaCakes118.pdf
Size

52KB
MD5

4c6e9c548d3aefa2ec6e19655897b3ab
SHA1

80ff8df1c87578c5c7b2f23ba740665baa945106
SHA256

fa43469068ee6c9bfc8a4c701f1557f3b30cf369445f832e890ecd61d3c98180
SHA512

abf2f3df33297e3fee02f3eafca3397faf5b8b7afd58a4c753b40fbcdccb2327b288985bc0c3b973aacea6f0ca0535bea9592d3563db7b3406b443bd6ee56b16
SSDEEP

1536:PGF7p98s0bwTtoq142lIOLn5iOkynjewFBL5EFFR:+F7p98DioqFLn5vF5E9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3176	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3176	AcroRd32.exe
3176	AcroRd32.exe
3176	AcroRd32.exe
3176	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 1184	3176	AcroRd32.exe	92
PID 3176 wrote to memory of 1184	3176	AcroRd32.exe	92
PID 3176 wrote to memory of 1184	3176	AcroRd32.exe	92
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 4584	1184	RdrCEF.exe	93
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94
PID 1184 wrote to memory of 1252	1184	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4c6e9c548d3aefa2ec6e19655897b3ab_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0F1A3CC9E1D73AF42088C534734B9488 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4584
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0DDA617E7C75C341C78A58978D5F7E83 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0DDA617E7C75C341C78A58978D5F7E83 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1252
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=933A1BA217EB590E7827897BC586C0B4 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2580
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ED59EF4A8322C5B8E0F08B7B77A6506D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ED59EF4A8322C5B8E0F08B7B77A6506D --renderer-client-id=5 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2456
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C683EEAB97F70863D891A57A08964328 --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D00C79C5C2E248D358DFE8068C0A706B --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8d8d80946a6155f1b47dc7fd160d00bb

SHA1
245e987cd9dd098af166622cc87af2cbfdf9199a

SHA256
a4212e82c3c54ae0d6944457e2b6bf8813fb23c3c7543fc18617c642ce30d084

SHA512
604be6aae4c910e241675aaf97b241b5318748be48f4ccdf288e3963ee7fcd37f0ae8c0fc880d50e06cb8789d051d69f4add2236af93a5bdc814e990220bd2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
01fbb5e77f3cccbc31ebedc6580ed5b7

SHA1
46c4765cae6b5178842e7a9f7eeeee89cf04d4ca

SHA256
7671e814d849f126facaac2019e78e6fc2deaadf4767ada601848914c0159c8b

SHA512
1ee75a8a1e09f118cb901fce417aa41ad539cacd8cb14329daf980616fb2528a913a468aaa55d710fe994c222b1d6bbbe5ed8d668a7d95bc512c7309e0b3655a

Download Submit