cae7473a9159adbdec6c1ea0996ead0e8f8eac8608b81aeff02e3739490b3b11

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cb0774b70094edf642e218fb5ca8d44_JaffaCakes118.pdf
Size

39KB
MD5

6cb0774b70094edf642e218fb5ca8d44
SHA1

69694ba01049fee586d805a81efc040f436c26fe
SHA256

cae7473a9159adbdec6c1ea0996ead0e8f8eac8608b81aeff02e3739490b3b11
SHA512

67f298406055581b69cb119426d8d75d0352704d928a473be3d57d3ca41a2ea99d94ca2ef2a9f251c4cfbefab3bcdd8ed5238c48f2cf97d2f0c553c55d6040f6
SSDEEP

768:YXuMZmwgCLWarhWEtK8dVt3KWHKW7whcynTEI8Ypz+ch2hbG:YXFZmGWSXtXdBqW7EcyTEInpSZG

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2584	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2584	AcroRd32.exe
2584	AcroRd32.exe
2584	AcroRd32.exe
2584	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1988	2584	AcroRd32.exe	93
PID 2584 wrote to memory of 1988	2584	AcroRd32.exe	93
PID 2584 wrote to memory of 1988	2584	AcroRd32.exe	93
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1100	1988	RdrCEF.exe	94
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95
PID 1988 wrote to memory of 1544	1988	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6cb0774b70094edf642e218fb5ca8d44_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8750CEC3C5EF61CDC8D1AE8B4764B8D4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C4804F78F9E5233546A40663A4EDED7A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C4804F78F9E5233546A40663A4EDED7A --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=154F3A883299019AFA74C08B1A7A71D6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AC32161D70763174D51C6EE171BE1572 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E840D13F0308079798F098E01E3C7125 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4564
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=879F2B2901A66DF13C5A1D76633FC1E4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=879F2B2901A66DF13C5A1D76633FC1E4 --renderer-client-id=7 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
637d0bf8eabc77b5b04b7afaba413b1c

SHA1
0fe9db18c42924f5ac7042fbf8c6a6d5db4aba9b

SHA256
600ae0d5115a73331f8988b1428ac4a3ad76c3aa507596ca1c66d500a5cc6b19

SHA512
9b0f56da4d470e505accaa39f6ce30c0bc92cd4c9a9af3cccf7caf6fc8d2301fecb2e690d4391a9735a4e79114223c6a8d88a3b16aaeb1e3d8dcbd013a4fa045

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
bfa69139242ecd899166a696cf979ac0

SHA1
330c2af1f7ec2a7982bac8df2befd33168de537b

SHA256
b850ef07ea0d364b90e85c4e61d2f3313eeecfa70929dac53756e709c6cc0d7e

SHA512
49109feb9fc404eac0220f44edff9e1774932c3eae87c83db2ee44e65d3902f8d89dca327ba5d3241748972cbdddfaadb41115832a6d7b3b9e4a11f44cd96860

Download Submit