32ec3ad455f75befcb3f4e956db85bb44bccc6e58224f0018ac18eb23c8b7ddb

Analysis

max time kernel
134s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81a19f41b3cd759976ba89c69857f9d6_JaffaCakes118.pdf
Size

16KB
MD5

81a19f41b3cd759976ba89c69857f9d6
SHA1

6361a751fce4e216fea7e6a8a8e36e61ec6ad679
SHA256

32ec3ad455f75befcb3f4e956db85bb44bccc6e58224f0018ac18eb23c8b7ddb
SHA512

b8fa286918168253d3589c081a1f47b8586692407373ee08d6f1752a5f20cc73e010c321ad88a3acaa67bb93ac4567aa4c37ee79c3c289c7a2ff25113a57fc13
SSDEEP

384:VzPI/Aoghz1xkmwHdwxFofA+vIRumKQdhUrGiPguy1exZAK/SmQ2UacB:VzPIZghz1xzw9wxFofA+vCu1QdhUrGiU

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
764	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1884	764	AcroRd32.exe	91
PID 764 wrote to memory of 1884	764	AcroRd32.exe	91
PID 764 wrote to memory of 1884	764	AcroRd32.exe	91
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 4824	1884	RdrCEF.exe	94
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95
PID 1884 wrote to memory of 3588	1884	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\81a19f41b3cd759976ba89c69857f9d6_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0AEA06ED12C10A81B853D8757E9C22A --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=367007EC03D843F934DBE58866216C21 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=367007EC03D843F934DBE58866216C21 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A536A0393ED5D5023B7FF6064008FBEB --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3720
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=57747679EFDD31DD1C9AE51975FDE701 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2772
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7C9419BCF8030FE6EDC220AEE837BCB3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7C9419BCF8030FE6EDC220AEE837BCB3 --renderer-client-id=6 --mojo-platform-channel-handle=1812 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3716
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00166348E1471970C0F3EE987199AC54 --mojo-platform-channel-handle=2388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8a68a3eb7c415c7f0fa0a201c79fd324

SHA1
c57d1ddaad58f007a00435bf1dbe20f0258bb483

SHA256
fd0b1c7856e12fad5cd3b26ebf6ea644e54f7fff950642f152adf288a2979179

SHA512
3ea7b6b555068da0e2b5546aaa9fcf605f2df34807822739e2677826ca8a0e29c45eb87e5b75690ec36a48586c0465ad26ca460ff1ba495cb4277f1c06df9fde

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b023235d9a992d8ade90f991b03f1a31

SHA1
b28265b8c9ff703ce2e5f151d12a518efb373953

SHA256
f0f10adc0040f9950c777138badd6ee0d07c0658293f49c1123741c21ea87448

SHA512
a7e926cfa59ed5139260f2a17ba68d50f6947df41eac9f442c03a7c4bcd4ccf88534fd2a61876f8f89074ada0d26a86e94f411d62c33f4f5596289f4272b14f5

Download Submit