a861a4bd784232e3818ea34e5d3c3131b0724a16a68493581ca751540fa44010

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80d03e165ef3b81ae49bf855db772470_JaffaCakes118.pdf
Size

186KB
MD5

80d03e165ef3b81ae49bf855db772470
SHA1

515022aed6b129363f45bdff5e9835133a604d57
SHA256

a861a4bd784232e3818ea34e5d3c3131b0724a16a68493581ca751540fa44010
SHA512

516a29c6285e1d1e88e9f471fe68ec09f4d6cba334191d4ec8bf63db7554e6c878ad1bc1441c53145b7454e1cf061a54bc61836410e3f8f796b0497a9901c2d3
SSDEEP

3072:m2irbxzGAFYDMxud7fKg3dXVmbOn5uK6KjnnQdN+1l+bsGVBLU/S+:m2MKlWQ7Sg3d4bODQdN+oc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2476	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2476	AcroRd32.exe
2476	AcroRd32.exe
2476	AcroRd32.exe
2476	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 1148	2476	AcroRd32.exe	89
PID 2476 wrote to memory of 1148	2476	AcroRd32.exe	89
PID 2476 wrote to memory of 1148	2476	AcroRd32.exe	89
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 4752	1148	RdrCEF.exe	90
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91
PID 1148 wrote to memory of 3932	1148	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\80d03e165ef3b81ae49bf855db772470_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1148
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4B8D3E1EEACEC801599103EF19D3793E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=05176C6DE0B2B9B0D720A3FD81D64E72 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=05176C6DE0B2B9B0D720A3FD81D64E72 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=48A659F5957890976A1ED9D3F0661327 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D43CA83A1E4007284E3F8CA00763DF17 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA5F38C81AE1B36CC8AE22D96303AA96 --mojo-platform-channel-handle=2520 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2992
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4ECA42D75F70511F3A542528FD270692 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4ECA42D75F70511F3A542528FD270692 --renderer-client-id=7 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
703aaa540975de4a6aad32c019354c9f

SHA1
aaefcb012326d633d9cd258472eec8c5b64f80d1

SHA256
3e5269027f78be47874472edc7dfd6bc41319663e96b572a1e7b885eb25d7d4e

SHA512
519e4657a1a263cca3d4d80b362128bb001a77c2a0483ca0e1d325099b2793c1b4e68738ab8e2dbbfe152bdd43770b3b999683c0d65c89440c6b4bc65ae81076

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d4ed333bc6e33b00ff113ddf8c74f9b4

SHA1
428c2cd6fd7ac1f982bb86384be1abd52e8d6961

SHA256
1020a7305e1cd9d60582c6b092c61f107ffcb04795509ba26c2cbe0af47225be

SHA512
14fe1e9ca4504aad08cf8551948fdc434b4c388dd778666415a6295f495d676e0e19ef133389dd95e74e9e302b70a04b060ffdad93186b829b16352fb7da822a

Download Submit