d0a6563224b961ff4fd784fbc8d51996d76fee67cece17a6cbb40c5366547033

Analysis

max time kernel
137s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

912ae5c5e3ea1404935196241ad2b016_JaffaCakes118.pdf
Size

95KB
MD5

912ae5c5e3ea1404935196241ad2b016
SHA1

dfea21b25d5de18da0810b350ac76f1edf3461eb
SHA256

d0a6563224b961ff4fd784fbc8d51996d76fee67cece17a6cbb40c5366547033
SHA512

67b313bb58fcc7493d84a543fd15cb1e83ce56e95f1b49824c2bba3ae4ab296d33be03cd5a91ec2822cb07c4d4a2b6117cca3042fa2be4f87ada6635289ea905
SSDEEP

1536:GGFzpIs16NXBdtMx0ukAuISJxyx6UMioEKqQP9gH18tQIZFb1fI7Sy8HFD7cy7+y:fFzp56NXqxaISmsYH9QFgHCmW/8Sy8Hb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
752	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
752	AcroRd32.exe
752	AcroRd32.exe
752	AcroRd32.exe
752	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 1472	752	AcroRd32.exe	88
PID 752 wrote to memory of 1472	752	AcroRd32.exe	88
PID 752 wrote to memory of 1472	752	AcroRd32.exe	88
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1392	1472	RdrCEF.exe	89
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90
PID 1472 wrote to memory of 1644	1472	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\912ae5c5e3ea1404935196241ad2b016_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:752
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1472
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=882A6930D3D5886A98A506A6A8560CB7 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1392
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CFD9B61E166903F781EDED01768D4600 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CFD9B61E166903F781EDED01768D4600 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C0EAA52804B45AF69137F1F9D913DECF --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8B11EFDD037D941D4B1ED096463FB301 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8B11EFDD037D941D4B1ED096463FB301 --renderer-client-id=5 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=037B146DE113511918D43852738C4F6B --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=78BD0DBC909074A9965DBEC375DF3A1F --mojo-platform-channel-handle=2780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
aad0e0008990da34bf72551dad2e1093

SHA1
56469d1cdf8a0ee99694c5baba9dc87f50000008

SHA256
53619283e5a53190c3eff1adefee9d14f3dabbb8137a30d3d63879bea339a2f5

SHA512
446c3de307ec511ce9a1737a45bb01b3cbee7e38a0582588788f4f86235a1916268a092f7f96bee1d9f44a12c5a1d002dfc017961ce629362755d13e7007132b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
523813a16f54346eb40860e12275d69c

SHA1
c673d75e90df72f0f520f45077aaad6e0e14875d

SHA256
68ff35fe2daf346463d6172730da1063d56dd4b9b70033aca6e59261b67ae659

SHA512
24616741b63443a18a36c19b1bd41a37b8567c0a1121dbf77fbd3d2b91c2576a0cc97bda4ac4fce79bd9b200b7880f100ebccd3cdf0a68e7e2db4e3b010f6c56

Download Submit