47c23234a9444f826b9092aaa0d49d117f540f20d11db2708c327b086deea878

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

708ece00804a9fd2a99be817b4d2f34d_JaffaCakes118.pdf
Size

46KB
MD5

708ece00804a9fd2a99be817b4d2f34d
SHA1

00aefd67e2b2c934a06afd642ddfea5443951334
SHA256

47c23234a9444f826b9092aaa0d49d117f540f20d11db2708c327b086deea878
SHA512

075405ccf8797e26dd0a90ebfc0d7805629f69e016aba8a00cc21c331fcdcfec0170fa502ae1206c41cfe1ff7eec801bb3c88eef2641a590beaa1b81224d3b67
SSDEEP

768:ZgGzpDqKyUmAePOAcby7vkdTxYrB/JfydieyoHH7A0+2o1qfMM9y33Pwlkuu8z:aGFueCJQv+2oE7Qwkuu8z

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4084	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4084	AcroRd32.exe
4084	AcroRd32.exe
4084	AcroRd32.exe
4084	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 4284	4084	AcroRd32.exe	91
PID 4084 wrote to memory of 4284	4084	AcroRd32.exe	91
PID 4084 wrote to memory of 4284	4084	AcroRd32.exe	91
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 3284	4284	RdrCEF.exe	92
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93
PID 4284 wrote to memory of 4648	4284	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\708ece00804a9fd2a99be817b4d2f34d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9164B546E5A745113F805F8706F474FF --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=88C944C1DD5B61628DBC7C1F9317DD64 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=88C944C1DD5B61628DBC7C1F9317DD64 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=465B8871823AB981B1B4C092D7BF7474 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5084
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C28192AAAC7075C1289444ED3B354B77 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3636
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A78D0E928121B587CDC6B4456FD6D67 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4492
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=202004A52C35DF02B7E9BA8139466A54 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=202004A52C35DF02B7E9BA8139466A54 --renderer-client-id=7 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4e59c91adb47419da02bf177b67be966

SHA1
81d498e7fb14bbc7fa4847dc655ccc30cd10e105

SHA256
1eb56ead43f7e06b6c6bbe22ae0734aa500cf311e1b8bb59b5a62eaa9e2471e0

SHA512
9119c4fb4bb47cc075509a3829324028eb7f20ebd8c7d32aed680d6e2a3755d51f0b342cc9d6122068ac7ccb39e31956a631c02e5aa9565f4a2ddeaf75b11a68

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
2227c35125a4c5daf34d10640d66f621

SHA1
38312a0326678524da2a564b1415eeb40382ac76

SHA256
bc831fb1663b39a5792afb7d4aebdf87dd366741e2bf2b027fc1bbe392c29487

SHA512
40f223bf4e77e515af41bed70b01c17c30d8b6d8a5648bd2e99da103b688621c859f0ca07fc21bb6ad2cb3d0c633a1c47927de31c8b19f833edc362833a69428

Download Submit