4dc96489dabe1c8089490c90e085b2194170de5b89f3379937e3bc0cd784e895

Analysis

max time kernel
142s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ea413c4902b45e52b4195685bf4aed9_JaffaCakes118.pdf
Size

46KB
MD5

8ea413c4902b45e52b4195685bf4aed9
SHA1

14a590f4fecd3a26d08378ef2dd5230a64644b89
SHA256

4dc96489dabe1c8089490c90e085b2194170de5b89f3379937e3bc0cd784e895
SHA512

29f752e000af3fa815fc33c9e26bc3ae74ab137b87585180b54ed58a0b5c39cef5ddee3dab1a58a5f9951597969aac0252c11a9d72252e8e7a46b272f3717af0
SSDEEP

768:FgGzpDJpsIEPtSZj5tLebvgVuAwAXmvsy13ad6Jfbf939BTO/I647kwhwq6:WGFNpsBAosKY6tf7ByGhwq6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2328	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2328	AcroRd32.exe
2328	AcroRd32.exe
2328	AcroRd32.exe
2328	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 2668	2328	AcroRd32.exe	89
PID 2328 wrote to memory of 2668	2328	AcroRd32.exe	89
PID 2328 wrote to memory of 2668	2328	AcroRd32.exe	89
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 3616	2668	RdrCEF.exe	91
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92
PID 2668 wrote to memory of 2236	2668	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8ea413c4902b45e52b4195685bf4aed9_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A12C795AAE9244BEF3D6E25AEB9A655C --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E997C6D4E3378FC76ABD07F9B552BD0F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E997C6D4E3378FC76ABD07F9B552BD0F --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2236
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=729FDB40C0042D6D2BFB4700B2711FDA --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4613A67BB2E64B4AD56AC1F2D7BE4A23 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6657592AB58D31872E5FF2EDE75363E8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6657592AB58D31872E5FF2EDE75363E8 --renderer-client-id=6 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4240
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=567DF6E393E9706640DFACFF75F3024F --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5ff3f19960b83fa4265e3cb9a8d5f816

SHA1
f33d7c24df118194b1649815c92ef39d9e6dbc42

SHA256
9cda5aa71cb69c2306e734f3c59746adf41a446736937b6b763be3a64c71b6e6

SHA512
639e95ee639e07df034defd9f0608e30900457fde6e6a615342375ace07d7c2286d8d2fdca13b8f58fc380a8d3d5c8644d844ec4b8b071c9ea734f89da1a4008

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b90ecabb63b82c966f87e471d3c65daf

SHA1
e042a51e785a983e57ea9941d74809bd53b3353d

SHA256
024b855f69b174777579ae19e832eba8dd662e248b22667c951b72893761dfc3

SHA512
34b81669f4efef63cea3263dbfa61a46cbcae4a70a40474507dc555f2d6f0e19d2d91a1d4e67f926bf6ba707a8221f3d6a0c2423de828dddcf12aec6fbb3dd01

Download Submit