6a316738c676d261c992aa30c10dd6f1adc5e0c54e46b9a721dce4af2bb4c11e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 21:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

887496d0939b02e6714d47cb30388079_JaffaCakes118.pdf
Size

38KB
MD5

887496d0939b02e6714d47cb30388079
SHA1

a00465216dd3c0f481e8eeb4d6e75c7e6dee187d
SHA256

6a316738c676d261c992aa30c10dd6f1adc5e0c54e46b9a721dce4af2bb4c11e
SHA512

84dd0379bab09168457aedcf1b74be5dbf73ac4af585c0c62eb11e7981473a216a5eabe28ab9ba6fe5828f6f0ffb643a5158aadfe0e5e92ec28d3a7d1b788ba9
SSDEEP

768:DgGzpDrpPZM2YsNU5YNyrWLBRUZdikxHPrC7F7sZR7G4dD:8GFfpPRgnxHPreY7G4dD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3988	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3988	AcroRd32.exe
3988	AcroRd32.exe
3988	AcroRd32.exe
3988	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 2312	3988	AcroRd32.exe	91
PID 3988 wrote to memory of 2312	3988	AcroRd32.exe	91
PID 3988 wrote to memory of 2312	3988	AcroRd32.exe	91
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4064	2312	RdrCEF.exe	93
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94
PID 2312 wrote to memory of 4108	2312	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\887496d0939b02e6714d47cb30388079_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1080907F8CD57D1380EBA39860162DAD --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4064
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2710973E69B53FDE3E860CA023791606 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2710973E69B53FDE3E860CA023791606 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4108
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7DC66C83BCB407C3D35E27534D04C5F8 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF1C8F760FB32E27286D58AE88DF22FB --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2FE618F050CC73C6215E6516A8514359 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2FE618F050CC73C6215E6516A8514359 --renderer-client-id=6 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2640
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CDDE39809BF0C7FEEDB709C390C75F93 --mojo-platform-channel-handle=2692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
575ec9ab994708cbfedd1c48497ccec5

SHA1
b25a41ef6166a12299588dad4beb502654238651

SHA256
0f54a32cde6f2d2d75a0d7e779a2b0fc0c844fdaaa51e242ccbfe927d843bd34

SHA512
843937b8f30ff16e5c7bb71fcfc6701139b52b873894dc664302c4caa1e1458e795a2029c8dad121b27ed6bcbcd55e9f80b487435609a788321bef32078c8591

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1cc1c099dcf9d2544f67235caa80ab02

SHA1
d8fe2c0f53a39560f08e99347bcfee368bf85d4e

SHA256
436a16c3b966ba4647842a54f7b62938eee04df424751e75c56165e5a7ca5f6a

SHA512
0f11ba0b98e0687e7d949b5337b6d289f8c5623abf65408794bb796c039470970a4641e4df7a0737ebc71cdc2d38530e191afff17917c6ddafbef754bf5f2655

Download Submit