f14b4886b871c0680ec1ae90b3bcc1092c69ad555ea2e3bf819e36b05d363617

Analysis

max time kernel
134s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 08:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8007e0a597e80dd9b67e1e7e59eb4137_JaffaCakes118.pdf
Size

79KB
MD5

8007e0a597e80dd9b67e1e7e59eb4137
SHA1

51a7fdc5ab1968f875e2cc11f03f2b52cb853944
SHA256

f14b4886b871c0680ec1ae90b3bcc1092c69ad555ea2e3bf819e36b05d363617
SHA512

ca40cf15e5956a2b988ddb4b1acac80a4b9a49151cd39ecd3f35ef90563c1d9b3ff42ff1f6d9178ac4da9e3546f51d3093b4b667f9b29d3fa813eff689d9d693
SSDEEP

1536:YGFcp8+bdxCAuPvl0MuoqASxvqt4cAFLgWUkaOJ1D1WzKwlf:1FcWYGXl0M3qASEtbAF9UtsJczKu

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3244	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe
3244	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 2556	3244	AcroRd32.exe	92
PID 3244 wrote to memory of 2556	3244	AcroRd32.exe	92
PID 3244 wrote to memory of 2556	3244	AcroRd32.exe	92
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4136	2556	RdrCEF.exe	93
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94
PID 2556 wrote to memory of 4796	2556	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8007e0a597e80dd9b67e1e7e59eb4137_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9105142BF9CA27D67717E999E37AB605 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=37878524B4BD226FBE84043A5D3D374B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=37878524B4BD226FBE84043A5D3D374B --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=97E5381A84A501A18480B8F6759597A2 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2380
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A8491308534D73CA531CE8F46897FD6 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5036
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D5870708B07D60D03510F33BDBC7AE33 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D5870708B07D60D03510F33BDBC7AE33 --renderer-client-id=6 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A83F6BD12E9378679DBDC8547180291 --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6aaca601af5c188cb3bb142685022b9b

SHA1
112b6c455597292c2f818386029fcfba673095eb

SHA256
6602583cc5e8b717ad344c78395e0d543b95d81a439bc77758f39996e43fe0f6

SHA512
7f6c149626f22433f4caba1ddaa11e0f899a1c0d8b4e6334c4269ec557664ef2fe678265d41f973d55e049c02e78bb305df1d4bed5ae892f6b05c9dd165bbcbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7ae7a65bb79ae1c89db2f306e769c970

SHA1
bf5ebe654776679b2af5854527107537e397e1d7

SHA256
d92f5c574d3665f04e485d5c5e377c8b541950888a13100890a6521097b46d70

SHA512
2cb199d1f63bd60dacf85bfab35bcbb42c00dfaafe7c49fcb867b385193f74d99d9ca397714c38f808606f5f28b17a784c56b89cecaf58812ee70fe12fbcd83b

Download Submit