02f96cb81ce3df16081ceb8c3fa2db4aadabb6c32351faf968fcb85da1e50104

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 10:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83eff39fb921819c26b933b6a7ea87bd_JaffaCakes118.pdf
Size

36KB
MD5

83eff39fb921819c26b933b6a7ea87bd
SHA1

6fb3340ea4d114f84eea780ea4d4fc12f6a0dbed
SHA256

02f96cb81ce3df16081ceb8c3fa2db4aadabb6c32351faf968fcb85da1e50104
SHA512

4a2900bc5c117b047a1dda3ea46a29c94839baaf8c67cb9a72050ae05e7f6103d7daf01c24475fe143294733a78c1af066118935659eea39aa227fe38d38be87
SSDEEP

768:oyDEPkz0yj/0lYliIJhR9OBRxXwPrmblgoHtGJUZZ7QLi+WLs5E5/XuMZmwgCLWG:o20O/0lYliIJhR9OBRxXwPrkGoHtGGvJ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1628	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1628	AcroRd32.exe
1628	AcroRd32.exe
1628	AcroRd32.exe
1628	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 3696	1628	AcroRd32.exe	93
PID 1628 wrote to memory of 3696	1628	AcroRd32.exe	93
PID 1628 wrote to memory of 3696	1628	AcroRd32.exe	93
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 1588	3696	RdrCEF.exe	94
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95
PID 3696 wrote to memory of 3136	3696	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\83eff39fb921819c26b933b6a7ea87bd_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B418CEB8FA5BA5B4F0934880BC579848 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CD6BCB7BFAED2505DD7C2D9A706A1419 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CD6BCB7BFAED2505DD7C2D9A706A1419 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8CCD898317C54E385F6D9BA3EA3E278 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=384864A338F12764A5E364FFDA664D84 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2772
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=512EB21A2292B69E11278B2EC301ED5C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=512EB21A2292B69E11278B2EC301ED5C --renderer-client-id=6 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3244
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8767AB8EE6AA64645A1335E117AC709D --mojo-platform-channel-handle=2492 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
075e6c4258572e85d523c6082ab57868

SHA1
8940a481f2d154900d06f185db6968eb18ba8773

SHA256
def52007afdfcc0258643038d30f94c6a75339a52bd5f48be8d22b2a5701b6c2

SHA512
30b88c72e551530f56548b6d8f627c3761f702b2c7326f4e78f0f1c55dc4f581a033fe6ac7765c63a3e89865a5a8f1f0473888004fb6b98bdedd325905a4f3f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
81f2dc4c5bd181130c1c955a6c083491

SHA1
bf64c215cbf171b364c6e379ce55ce479c4ead05

SHA256
ba01abb916a239bca17d9d27b9a40649e8261544233eb75c74b43fb175b11ccd

SHA512
613bd34f8e569cd1121520128c31ad06c365c96ce727a7bc578defcd9d01dafffce6735e74fd696835c126b053b9ead50031b2152599a4040d44ca6b3bd80218

Download Submit