66302c9f5e86f3db5749e773b41bf7f1ce5e2a0bbebe0cd458418e79ede03a15

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 04:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cddfe9e53a21230b72b92cd68c94d31_JaffaCakes118.pdf
Size

42KB
MD5

8cddfe9e53a21230b72b92cd68c94d31
SHA1

06486467e026221f8bd3cb647b12d47eeb8e19d0
SHA256

66302c9f5e86f3db5749e773b41bf7f1ce5e2a0bbebe0cd458418e79ede03a15
SHA512

0c852aa095ee2db26ecdcc169836f84d1c100910f64b2e880c7ebfa6a34e4f0806cb2b83f7ddd43e9a6f52dbe6155ac7d5d8efca5106b3b4bf6b64668e0023ec
SSDEEP

768:fXuMZmwgCLWar1oNwdBkZYwpTfmHiGKt03Cyi6tW6lsawjFKsER8TkgIG8p/7LzN:fXFZmGWS1oGBkZYwpTfmHiGKt03Cyi6P

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4880	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4880	AcroRd32.exe
4880	AcroRd32.exe
4880	AcroRd32.exe
4880	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 3980	4880	AcroRd32.exe	89
PID 4880 wrote to memory of 3980	4880	AcroRd32.exe	89
PID 4880 wrote to memory of 3980	4880	AcroRd32.exe	89
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4840	3980	RdrCEF.exe	92
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93
PID 3980 wrote to memory of 4052	3980	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8cddfe9e53a21230b72b92cd68c94d31_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C53ECCE582740BA433ECAA87C0BCFF5D --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E2F4FE9530A1641517E4B7DCCE2604AF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E2F4FE9530A1641517E4B7DCCE2604AF --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=10962A66B841BE2D772574D3FFF49E17 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1644
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5842F5DD7133138E988054D32742A1A3 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4960
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D863776CAAD90C276C3F443AD4E79500 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D863776CAAD90C276C3F443AD4E79500 --renderer-client-id=6 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F1FD07D2819A369E1EBE46555FE70C06 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
78a6f9e602f6526d45cca96fba1e3bd6

SHA1
77803548ebd02d0013bdf7572cc0b51607915bf4

SHA256
41fe29a3c7161074ac873143e91e06b00de287491f5c825ec47ab184dcb48b51

SHA512
cf14c7af7651ceb81d7f8410209c02fc536598f3e3a2deec13c0d79cf6c5ec19ebeff17af2b5c216a82176b689e2318802185b3dcaac2bf5c2f251c92c01f3ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f4ef36a8269086261fc29f7525be139d

SHA1
c94ce363c10dcd76a1d02402dcbb3091df4693be

SHA256
aa8f6f8ee362c525ac72f09670ac7fcaf1b1a83bc94bfa88d4d99a74e00790c5

SHA512
75c87e90e3d06239837b615572825a1c81051a3534025b95403b6dca3173cbeefa24a3d4043acd32c1ee923d8994fd75f8377183b2ac708e21daae28a873a47f

Download Submit