9d4423aa06316f7b89336e55b1f5795e78e9972c2c9c685ec4abf5976b8a70f3

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 00:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c4fe8cdbfeead906fe44f9919d7257c_JaffaCakes118.pdf
Size

45KB
MD5

5c4fe8cdbfeead906fe44f9919d7257c
SHA1

c491a1dc0ec66119a3470eec1f3e8357e08c3b9c
SHA256

9d4423aa06316f7b89336e55b1f5795e78e9972c2c9c685ec4abf5976b8a70f3
SHA512

5cfb1f7cd39e14e690c4995b3ce5bc0d7b7c332239c04249bd546756224124781a4dd7205021482a336c5d61383b31c4e0e180ea61fb264a96af2a7c7b928c74
SSDEEP

768:sgGzpDdpAQcCYUQBrgSNsuLyShUXPgI0itsrrPzszsFhsObIMHVWv0JB:pGFppwh2PgI0itsHrQsFhsObIM1Wv0JB

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1148	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1148	AcroRd32.exe
1148	AcroRd32.exe
1148	AcroRd32.exe
1148	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 1372	1148	AcroRd32.exe	93
PID 1148 wrote to memory of 1372	1148	AcroRd32.exe	93
PID 1148 wrote to memory of 1372	1148	AcroRd32.exe	93
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 4856	1372	RdrCEF.exe	94
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95
PID 1372 wrote to memory of 3764	1372	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5c4fe8cdbfeead906fe44f9919d7257c_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B71620A2C49C78592389EC8B4CFA5B25 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8004BAA3888AE57C899B75DCF6ADDFB2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8004BAA3888AE57C899B75DCF6ADDFB2 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3764
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9B68207DF49200A0C26101A6EF4A2879 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2088
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=371332196047BB6977FD3B52F6F18EA0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=371332196047BB6977FD3B52F6F18EA0 --renderer-client-id=5 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:492
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AD24490E131265C1A4479E224D97D7C7 --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4088
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E1520511F9E7A3D4FD10A1074C90864 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
389cf869266860f1000f6aeaa7c1394d

SHA1
380207f6c02ea24615ea216ac59f6153f3a98296

SHA256
72aab43cba16c1dd881ae2a9c75f7730642344da463638b3f2c6374ae2f94523

SHA512
4c5e4173d0e4cbc690e166020c69ce0998b48cd7d071c0ff0b4cfefa556a5a8f43cb0cbde22529be25075608885a09bc5dc07b6cb7f42ffe357aa2881277518e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
85d8020b754596fb3112664fc5b7f48c

SHA1
add5bd703d3fa9058221ab6f7249172d7e45040a

SHA256
76be4411f82338282cae519456029e451416df1ec979190bc65055950f1f105f

SHA512
117de337d7e3e20adbf84e57413e3c987b9ebfcc8ff4720bf2b1d7ba18aeda51486e7da15a88194a604a220de2814d4987fac7eb2daf55038e9075221937edf8

Download Submit