12796a65acfda97d46188a5cf455c7123e195dcfd20de7bef7018b31b8034723

Analysis

max time kernel
138s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aa868d307b3fad2b6913db0c179527d_JaffaCakes118.pdf
Size

37KB
MD5

6aa868d307b3fad2b6913db0c179527d
SHA1

7aab08d0d160b6dc61e9addfe0eec5daea59ce8b
SHA256

12796a65acfda97d46188a5cf455c7123e195dcfd20de7bef7018b31b8034723
SHA512

86372c2964df585452945f8cc8a1764ff31842e8dad0d02e7c0d9e88b2a644844b2614d990d35ae2462ed6863ef207b2caf5143c31bde6c0032c79d3b3b0fd48
SSDEEP

768:4PHbbidJNrEThw2Ky1TaVjV1iK1oPWVuG7m0uwDQSaeFW25JlbC1ES/d9NUngfmS:4P7edJNAThw2Ky1TsjV1iK1oPWVuG7mT

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5056	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5056	AcroRd32.exe
5056	AcroRd32.exe
5056	AcroRd32.exe
5056	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1576	5056	AcroRd32.exe	93
PID 5056 wrote to memory of 1576	5056	AcroRd32.exe	93
PID 5056 wrote to memory of 1576	5056	AcroRd32.exe	93
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 3752	1576	RdrCEF.exe	94
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95
PID 1576 wrote to memory of 2156	1576	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6aa868d307b3fad2b6913db0c179527d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=21115039FB03F39F9C092556F84A1D6E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F4C1F1F0EE3B7009CAD2331CCB35752C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F4C1F1F0EE3B7009CAD2331CCB35752C --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EDEC006EF5026A3F235ABE16A75E1D3E --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B9325AE3C342E485A47D5C32F419B112 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B9325AE3C342E485A47D5C32F419B112 --renderer-client-id=5 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1580
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4194230FA3B60D87676A6CFF3A9BB268 --mojo-platform-channel-handle=2732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4152
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CE13E625AD64B44907F73C13325FDAF7 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ef82aa2126f484bdb51fa24269ef2ab0

SHA1
5e74cac9d5ce91c3b769069ce22e50f8bdbfbddf

SHA256
4d395fe053b648f642eda1c361ce0e90e361b3d9d802eec39f47457337f11e87

SHA512
4a94692ba9ffa5fddf05c8369e007cf60203cc23f682151fb4bc0bfde611bfefa7f6cc860658b21411fdbb8e1cfc0f1af31a3623fb66bf065b855de3389dfd10

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
893177ec4dd6a490ad241e5d602baba4

SHA1
fe628981a619ab26983f416e04dd4b7a9267afd2

SHA256
27ddbb005eb11d2e2ac122799be54078bc0456780ed631a14054c42b3486709f

SHA512
6ee9c9b32fc0b37bb4e4724df582a2d1c092451ceac2e143035c7a314c50418c319b01b01e9796f1a7a21f93827a43ed5fd927568983092a1a4c328812ba978d

Download Submit