cc3bb3de50d3b7947e270f100feed16e4dedddf54affc2d96a7d8a1c82871369

Analysis

max time kernel
140s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

650ee0525f106f1271e8153248033696_JaffaCakes118.pdf
Size

36KB
MD5

650ee0525f106f1271e8153248033696
SHA1

4f24c84ceb1e498def183bd830eed32a50ee0e96
SHA256

cc3bb3de50d3b7947e270f100feed16e4dedddf54affc2d96a7d8a1c82871369
SHA512

458998bf67ef439d8c5e3dc86c62f96e7cf5c0e1f4e4574d538d1986cc52e8da6e94d118d0eb46dc8c562b27b80816e29f5691354e1f36c861ba89cb6276cf7e
SSDEEP

768:QgGzpDKpKDlk7C7vmhuDpNEyGEmfT2UDRMrwNNDBiNnJJma:9GF+pK3EyGJT2UVIUNDSJJma

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4012	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4012	AcroRd32.exe
4012	AcroRd32.exe
4012	AcroRd32.exe
4012	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 4500	4012	AcroRd32.exe	90
PID 4012 wrote to memory of 4500	4012	AcroRd32.exe	90
PID 4012 wrote to memory of 4500	4012	AcroRd32.exe	90
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 3380	4500	RdrCEF.exe	93
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94
PID 4500 wrote to memory of 2536	4500	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\650ee0525f106f1271e8153248033696_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4500
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=48E0E7D5DD885DC39524594778283690 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3380
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E81D59A7C06433651D0BB3BC8ABAA2E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E81D59A7C06433651D0BB3BC8ABAA2E7 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=272498053A3DF85F64C5642EBE2A4373 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1336
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0F3B164DC707DD18E11E4150CFC18CA8 --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3468
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=74C7AC09DFCCAE8A734C6D1B58E54FB8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=74C7AC09DFCCAE8A734C6D1B58E54FB8 --renderer-client-id=6 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2164
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E9FC9383D88F567F8AACEF9304345C21 --mojo-platform-channel-handle=2396 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4f0b56808f6e77ca306599b22fd94e1c

SHA1
138aa549f8b1265956d12ae15082eec217324740

SHA256
03810786da9593a62c216e1699ab29d2858318362f74658a4026c23ac546a70a

SHA512
ee9464df8f3b00fb3294138c92f1095f1f183b3dd0c5ae5a2843c92026262141838253783dbe9728d296f174b0d54272acbc1f1bbf0180ca625c15f3838f4fb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
97267a010b3577cd2193fc92b3c48121

SHA1
4a733c1bab336661cf43104b77d98d2c62102fce

SHA256
eea122a006078c2c41b2ad1d013c3352e9070f53bab924850dbb2fbc85a770ae

SHA512
2bfc81bac49b979cc2f1e31729a0bff101fc2ebc9b3513710992ead47a9e71417777e432aeab05b4b62ddbf94a87f996288b2f52cf3c1d3e74a7090d110e473b

Download Submit