7e01660d051dd01257decf1a453ba6c646f343c3ccc133d7ff9db9b597b93617

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dc290cb12a86d2cd1407dfb6919b2bc_JaffaCakes118.pdf
Size

43KB
MD5

7dc290cb12a86d2cd1407dfb6919b2bc
SHA1

fff4630f58024126172389234e49b1f25c2cc3b4
SHA256

7e01660d051dd01257decf1a453ba6c646f343c3ccc133d7ff9db9b597b93617
SHA512

e7d7221bdf76121f2e86d653cad9cd1f407a7824ed9963dbd863a1a3023c4fa9be6d7648304116ff9fcfb2745ae6081101546b1daaacd5ccb814f0b755de4a0b
SSDEEP

768:Mnodq7/U2I9Zf6XV7QSucCzUCxlg6tJhP/divmI8tMmtYlAkCus4Yd2rrCtGANzN:Mt7/oq0dflOpTntWovAITLE

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4776	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4776	AcroRd32.exe
4776	AcroRd32.exe
4776	AcroRd32.exe
4776	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 4584	4776	AcroRd32.exe	90
PID 4776 wrote to memory of 4584	4776	AcroRd32.exe	90
PID 4776 wrote to memory of 4584	4776	AcroRd32.exe	90
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 1848	4584	RdrCEF.exe	91
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92
PID 4584 wrote to memory of 4016	4584	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7dc290cb12a86d2cd1407dfb6919b2bc_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CE11F786A660EEB6E5DAECF179A9B45A --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=47DD06FF1BA54D75569B30E872BC6B94 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=47DD06FF1BA54D75569B30E872BC6B94 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=187D2FF42E22A9C4EECCF31E9CA2E33B --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D637FF553F9E2C85FD46365E2BB670C9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D637FF553F9E2C85FD46365E2BB670C9 --renderer-client-id=5 --mojo-platform-channel-handle=2540 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2772
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1728915F35D11A70C21F5F1C1266FBF4 --mojo-platform-channel-handle=2752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E3D60231FFD7C81C657C6AA006C0D5CD --mojo-platform-channel-handle=2744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
53b805372d746e586bcf3f65da456bc9

SHA1
7262707162206c13c7b074c282211b1cbe1e9dbc

SHA256
6ed1b519b86ce5baed6347291060f04c995e7fff0463ed33034bc24fbaf08d50

SHA512
c5c255da0f2eb1a100d76933f22307c19b4463c0a3fb1c12b4856d7c1cc76d977ca4f7fbd932c577d428672b9d99b3a0f667f5fc84db11186d7c5911419501b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
57184c2dc9fc61d756ec886c339db9e4

SHA1
7f81b278ee5da13c6b9a04e56dfef4cf192c4ccc

SHA256
5e3201d022ec51aabee65f1ed84ac7f7c1f532fa36386d7037e847c2fb92dfbb

SHA512
baea981229e89e128de6cc63361d114b76f0094fcb40fbdffbbc4f6453524f864a81f840dea46396a501c0f3eb80043ee10d0aa5d48197c998591c78ef3c2b71

Download Submit