5055392370415e01417348185b1b82ed58aecebe123342f729ba63bda5ed0916

Analysis

max time kernel
130s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77115c70e8c614cf6c7d45f1b648c572_JaffaCakes118.pdf
Size

43KB
MD5

77115c70e8c614cf6c7d45f1b648c572
SHA1

e66a88240c4b9618758a096bff292b90a80f2fad
SHA256

5055392370415e01417348185b1b82ed58aecebe123342f729ba63bda5ed0916
SHA512

ae18696ab2a46790feb6eee0f1f34e68f48db415573aa4f976f23bd176150284e32ae8c04b14cda6bcd986ea7aba00df9ac539d0705972b19214a441b5c4107f
SSDEEP

768:4gGzpDQpBohsE62lizxHUQLhe7nh6loB5xdnyugOqsE+KCknALq97GTR9M:VGFUpBcsE/liOJnhRXxByugOqsd8ALud

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1220	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1220	AcroRd32.exe
1220	AcroRd32.exe
1220	AcroRd32.exe
1220	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2396	1220	AcroRd32.exe	97
PID 1220 wrote to memory of 2396	1220	AcroRd32.exe	97
PID 1220 wrote to memory of 2396	1220	AcroRd32.exe	97
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4996	2396	RdrCEF.exe	99
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100
PID 2396 wrote to memory of 4548	2396	RdrCEF.exe	100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\77115c70e8c614cf6c7d45f1b648c572_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0361CBBED1434E7ADB167C6B73E5DDC --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4996
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B1F86E7D12E65DCE1C99F9B8812B6F21 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B1F86E7D12E65DCE1C99F9B8812B6F21 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=171B88E71866A26299413695A49201B0 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0968D85A843E7B3F7D298A4614323889 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B471A4DD4385013DFE2DA38E6FB62DDA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B471A4DD4385013DFE2DA38E6FB62DDA --renderer-client-id=6 --mojo-platform-channel-handle=2412 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4684
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=262C94D83D1BF7E2FC1A7DACD8034E95 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9bf89d1a79af1cc48e7c085ac9ac05fe

SHA1
12fe5a1b0fb868a884ee1bb5471b88d63e633506

SHA256
495a274d5c347495ded2c6dccc79062661eddb9d0e0bffe92bba2199ac9de655

SHA512
0bc1c9027d637a20a59b13e076a036e221c04c0d33bd12f0938944371015dbc5367d8916981695a74eae961b5ff359d6abd9f79929e4b7858ab29877278fbf1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
34566cd903ff2b17d3203ffbefe09498

SHA1
718be83ce36f84ddc3845fbf4c6ca7c68c3f5b01

SHA256
3d8519174d288d169c038c6b7ca5012ba8d3e7ea6bfbc223c894f5344154fe38

SHA512
b1df9cb7d7429feb602cfd0d7f8bc5e46ef87ab3ceb85cbebd55257cc48075e29ee06524629c622a0b0f37ebea2c3216cf05075804a73a576243fd9f5f775120

Download Submit