bd0926b1420c675b455f64ea243f05d5d8e6022010adfec231e2223efc823c26

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 03:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

906c3bf0422718d6d120d09e323da0ad_JaffaCakes118.pdf
Size

40KB
MD5

906c3bf0422718d6d120d09e323da0ad
SHA1

667f5ed7ec8ba3e8969a000e937910d0a57648b0
SHA256

bd0926b1420c675b455f64ea243f05d5d8e6022010adfec231e2223efc823c26
SHA512

8b53b2798a963edc17a821410d95d6d5cc014460ce24f1ea0412deaa0f1ed5bce9f94e44a14662d2c37ee680ba4c6a7d20cb5294b8c583c67b3b80fff816a1d4
SSDEEP

768:pgGzpD5pty7r25a38kgnetINv3q/qx9DqiiIjTuv5K03rhf8+uyf3Jds0dvd9vC:KGF9pt2r25aKqyDFuv5Z3rhftYAC

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1620	AcroRd32.exe
1620	AcroRd32.exe
1620	AcroRd32.exe
1620	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 3656	1620	AcroRd32.exe	88
PID 1620 wrote to memory of 3656	1620	AcroRd32.exe	88
PID 1620 wrote to memory of 3656	1620	AcroRd32.exe	88
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 3144	3656	RdrCEF.exe	91
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92
PID 3656 wrote to memory of 1104	3656	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\906c3bf0422718d6d120d09e323da0ad_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=44C9791F9993E940324CCE5805411312 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3144
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7566BE7D3C8FD554A9F2516469F07B37 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7566BE7D3C8FD554A9F2516469F07B37 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1104
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=15842E3165E648E34AE78D66D52E67AA --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3028
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B1E4F8AE9B4824C8AB200C147EB00657 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1652
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2A8B1917FDE545F37E09D85F5A2C52B5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2A8B1917FDE545F37E09D85F5A2C52B5 --renderer-client-id=6 --mojo-platform-channel-handle=2404 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2120
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D7AA2480AD8DD99E05C34A974ED8085 --mojo-platform-channel-handle=2544 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9ed61cfc2cfaa02add7701ecbe7da86c

SHA1
1e1c73f5e8c6441a4a42e612c01f44304baf2d15

SHA256
d4df4fee695585e15ed0e848540c84b87ef953bb7254bef947b0b672926cb51a

SHA512
b06216e1b49223cff33d40885e6381e55820732f27fdc08b8032b0ea880ac1b8bf3a0d4572aa46c4bdcaf097ead55604df160592d8ba81f1ddf4cf4ff5d7642b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4c824ab3127d3dc598815260a05092b6

SHA1
6696dc363a55118d7e8bd0d0252bafec913fd490

SHA256
53a90210810e896488f3aaceb6eaa4013c03c422c81cdee25280b44009c62eb4

SHA512
16a69059de004ded4f6809a99d55ae63ceb23bc894213df679eae45b799eb52260b897aa5474aa5684a068156f52f3a758c91ad55eb12100c5d07ee9e08eae09

Download Submit