abf7c4738c3f2c28181d0c794cf810775a1b4a350631b3aa53b03210ffea7305

Analysis

max time kernel
141s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

683bb5dd15781cdd39199a21d42127ba_JaffaCakes118.pdf
Size

39KB
MD5

683bb5dd15781cdd39199a21d42127ba
SHA1

a1afa7cf48c5dacb7f44ac9c5a0afd0ab4f528f0
SHA256

abf7c4738c3f2c28181d0c794cf810775a1b4a350631b3aa53b03210ffea7305
SHA512

870213f08a0d166be50e4ef99d9c09bda1e2359badc8342b871571938fb7ff47dcd8086ed1c867a59e2acc4c8e4da69af59747554559101ea92ad8207f8585e8
SSDEEP

768:sgGzpDoba++hdAt8YXjk8B+1omTsKVE5l4v7cLjOFJerD+jlgKNSPWV27LYKrnVf:pGFErAgKV+lkHerajlgKtVM9nVf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3144	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3144	AcroRd32.exe
3144	AcroRd32.exe
3144	AcroRd32.exe
3144	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 5000	3144	AcroRd32.exe	91
PID 3144 wrote to memory of 5000	3144	AcroRd32.exe	91
PID 3144 wrote to memory of 5000	3144	AcroRd32.exe	91
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1452	5000	RdrCEF.exe	94
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95
PID 5000 wrote to memory of 1000	5000	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\683bb5dd15781cdd39199a21d42127ba_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B48CFDC619FE1ACA2757CE847837727B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B48CFDC619FE1ACA2757CE847837727B --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=785773D4A4A89284B609451F2249D16E --mojo-platform-channel-handle=1840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8881010FC34DE29F4AA8B32877A95F06 --mojo-platform-channel-handle=1832 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18AA62FC3A44AD7900651AE20DF775B1 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3508
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=527DCD330C2E77AF94A83C178B0CA1D9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=527DCD330C2E77AF94A83C178B0CA1D9 --renderer-client-id=6 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E507DFE36DA6A26098A1B16BD7B1E952 --mojo-platform-channel-handle=2696 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4fa5b5f2f653ae094341d779a9886058

SHA1
d7b8ca0b74e22f35e1f5f76b176cd1861400e279

SHA256
e3059906e597f7a5e504eeb80ed6bc8e8607a51cd7cf1843daf3ec2f68b732fb

SHA512
bcef190df8c6dfb52d975e8121f732177e16f42a5107eba8512e220b08944acf48d744a7790b1e914868cdc7e59b33be2639b75d296ce33dc03bcd3f14f15d2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
266d877f899c522f7ec082cd55267952

SHA1
30f4fdd589a5ed83934618a48c247e4f37cd7605

SHA256
c04efd979ca1fbc92d782ca6df3f4e9849043eabc5872e064ad7acc95f18e010

SHA512
32e4978bf72fd90eb9c6f61ea0f9d6b16644fac5c04b3e0eef56115fb0604689f7f3bc20326672d489d2bf14346f9c4c99ad654632a367d1319c4ee40f24ed56

Download Submit