aaffc9a23ef7cbc5fae6efab02c8fe1eaef130facf70af7fa7612dfa6e0e381b

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 00:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8279399d8e3c8f105ca5cf5dbcc19306_JaffaCakes118.pdf
Size

40KB
MD5

8279399d8e3c8f105ca5cf5dbcc19306
SHA1

ac6482dce6eac03f514ba68733c4b6c03f1bca8f
SHA256

aaffc9a23ef7cbc5fae6efab02c8fe1eaef130facf70af7fa7612dfa6e0e381b
SHA512

138cd016d0f0fe6bb2430a2bddfcc7875a2156432fc45a65872f4c1085132a95ed8b31f254778a11645132296bd778a9a032d28c03f909645cc9377d476ae2f9
SSDEEP

768:2XuMZmwgCLWar1UE5HpxePl9Y0o+JcdtuPd+swsHK7Pa95+zQHS42t5OXguKs4v3:2XFZmGWS1NjePl9Y0o+JcdtuPd+swhOO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1320	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1320	AcroRd32.exe
1320	AcroRd32.exe
1320	AcroRd32.exe
1320	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 3156	1320	AcroRd32.exe	87
PID 1320 wrote to memory of 3156	1320	AcroRd32.exe	87
PID 1320 wrote to memory of 3156	1320	AcroRd32.exe	87
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 2296	3156	RdrCEF.exe	90
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91
PID 3156 wrote to memory of 4812	3156	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8279399d8e3c8f105ca5cf5dbcc19306_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=53FD2B7FC4001BC6941C0436B8A94347 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=39F63864FD90064B3D1136DAF77CBA3B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=39F63864FD90064B3D1136DAF77CBA3B --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F59CFF071407C89C6F5D8FD0386D6C6 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4164
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=780A8028E193EF50254917E84BEF7EF8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=780A8028E193EF50254917E84BEF7EF8 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8C2D8B17FAE22507FAD79B4F058D43A --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5E3F440A2FE6CB6D4FB22BC184985691 --mojo-platform-channel-handle=2844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e699e953e4e4c9f41e217db56f30547a

SHA1
974e3bd50b81ee678de0de5f572ce47c60ee1d3e

SHA256
abc112e224aa8a7609dd2c62da82a7583e0f7b0777d24fa3e5802353de8a29f4

SHA512
c7e62a6aaa9cf77f0f06566b3e172f28aa68754994e1149020a7162b61c102c77e22ebe447a2d1fb5fd043c13f614051808f42df365e244867ba0cb14e93bbc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
eb5ecac52b6837f7236dce50aa517bac

SHA1
20e0ab0c048aed7aa76f2b3c16401d4403f17def

SHA256
6a0032a39f8ec9dc7009173e820b58712aebc8cfa1c200f6f5d8daa8b8beef17

SHA512
3e56b86bf0977edd1dcad74630aca6d66cc1ccd313fd0cdb0009b0ff38d322447bbe6bb25c945496f00dbc21bf316dbd4cc4379e776edd5a48685d1da569099b

Download Submit