a90d8f5f5f9ffd5d812a4bfd624eeb1b0b33e5c4c7e65d1429cdc8a6776323e3

Analysis

max time kernel
133s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76abc0d8da42c5a09b06ea2f13acc4ba_JaffaCakes118.pdf
Size

41KB
MD5

76abc0d8da42c5a09b06ea2f13acc4ba
SHA1

3c9ff705b4cb247d5d8f43d6b8c30ff63e63e022
SHA256

a90d8f5f5f9ffd5d812a4bfd624eeb1b0b33e5c4c7e65d1429cdc8a6776323e3
SHA512

777fb39037323c9bc1c43e1d1a312bcd36daf37394f597f9b29ee7e5a334d03a06aca7153fe788b78fda8d83eb8fc138b760c8b23b3bed35dd4a48041761f764
SSDEEP

768:fZgGzpDspV0R/zCPiVIV5txRc9HPxi82JGSv3UYiMIx/imDNxbzgcIRBZhlF/R:iGFIpaIV5txRc9ZiQK3daDptz4HLlFR

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1480	AcroRd32.exe
1480	AcroRd32.exe
1480	AcroRd32.exe
1480	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 3940	1480	AcroRd32.exe	93
PID 1480 wrote to memory of 3940	1480	AcroRd32.exe	93
PID 1480 wrote to memory of 3940	1480	AcroRd32.exe	93
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 4232	3940	RdrCEF.exe	94
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95
PID 3940 wrote to memory of 3012	3940	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\76abc0d8da42c5a09b06ea2f13acc4ba_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A08F0580922EC8846AB2F25227F2D0AB --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=125258466E7BD92C0AAF102F9DD2736C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=125258466E7BD92C0AAF102F9DD2736C --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3012
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EDAB7746835F266FB00475C64B05572A --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5698CF7E0405F8A20DFDB4241AD420BA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5698CF7E0405F8A20DFDB4241AD420BA --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2336
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D883CBE6554446254FED01F36B4ACDA9 --mojo-platform-channel-handle=2684 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AD0A03153328E8179ABE17B31C0F3ABC --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d3b3b26a2b139af3a843c7146c215832

SHA1
9eb8299eded9e65a825470c13a1399d04d2c308c

SHA256
93dcaf63aeb783f56b276b42e388d62fcc516f85bb33df2cb319402ca26d63e6

SHA512
4d51c4965496ba97703132c6d01d1dbea6860bf402415020bfc2824b25a0661251ee551a8771d798ddae21fa81034553efe86dbfae3138fb24553dcdbe370934

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8c992143acef371cc89714f326d56dc0

SHA1
06ee6b96c7819312f520fc59b55e07547f3f9173

SHA256
257403e3672b001a813511450b00090ccd7d2aa3e8020a0269a83b37c548081e

SHA512
9f17fc6b78e73a587aa352123ee55f523a5b762db00c661cc313f4ed4bcf56d1afcc484cafb9acd6c8e992a693de4ba62af9be2a62f9c2871053fb15160d54fe

Download Submit