9feae7d9853c6199a486ff6251564f97ab388392554f81cbee714044f000acf5

Analysis

max time kernel
132s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dab8bc90a64491c1184f886dfa94865_JaffaCakes118.pdf
Size

44KB
MD5

7dab8bc90a64491c1184f886dfa94865
SHA1

0ec316e74bc2b24d683712d1c5e9ac48feb3f600
SHA256

9feae7d9853c6199a486ff6251564f97ab388392554f81cbee714044f000acf5
SHA512

31aca432cf1744ce9d166ce51ebf09dba64dadb1c6a4ad921d604a7bdc9715925ede31887609f6a46c6899a1ed449b5ec8f7b7ca74b44459f7a795389b52902c
SSDEEP

768:jgGzpDhpWMw1JKAafHeZTb6pG5shOsheOYTMp4YO5DkeWtoXUOwlZEmhpMD2v:cGFNp06pGehFeOKS4YGnWSwEmMD2v

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4680	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4680	AcroRd32.exe
4680	AcroRd32.exe
4680	AcroRd32.exe
4680	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4680 wrote to memory of 4696	4680	AcroRd32.exe	89
PID 4680 wrote to memory of 4696	4680	AcroRd32.exe	89
PID 4680 wrote to memory of 4696	4680	AcroRd32.exe	89
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1436	4696	RdrCEF.exe	91
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92
PID 4696 wrote to memory of 1932	4696	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7dab8bc90a64491c1184f886dfa94865_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4680
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4B27D2286B40967AE068A11B84C5D0AF --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1436
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8D8346796061BC02C56D48F011D2A01E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8D8346796061BC02C56D48F011D2A01E --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00DC9538BAA2CBF5CF8A29E9B1A070B7 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4392
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=286F81B4640458F6237641B7AE0E5E36 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=286F81B4640458F6237641B7AE0E5E36 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2420
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E93391043D50D6B1CDCD23DEF717CF05 --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2592
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=70C35C3467A42897BE541CCD30585985 --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
bbb29dddd154f950003147206ce6c07c

SHA1
4345558cf59362d46781704741b592fe98ac0c67

SHA256
5a16f11befb8db3e6bcae1d809c10e6d1e69a1f723cef69c31408cfc48dc6406

SHA512
3bd732cce864c13a9d09a0eb2c544cbb601a1943dfa6f3481ed1e3b47c694b6189e9507ea8527c325689722f0ba9c9831cf8963ea1f56a3edb30d3098895f879

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7533d7413a882a8dd67b1f3d39603631

SHA1
e5274b4059838c11d4b9ef26ba2de5b996f7c2cd

SHA256
f69bd00f5c8c05345ea85b47182c6e3f3aa1bfa7b47d4d5ff1b3f51148742c07

SHA512
2231e6b962c6f3894051cb180a3ff310ddf2f3bf79ada2ece6ead5a18e8b55bb939278ac607e75d125703cb4f332b8acf4252245729fa307155e1dfe595caf48

Download Submit