fc48a9c7b795ebb2998461e55216d9b145a1a4a79248e2f2a9a2f737a5b3b7f8

Analysis

max time kernel
131s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 05:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

93c6cba36e7798e2aeecc180b14e2feb_JaffaCakes118.pdf
Size

42KB
MD5

93c6cba36e7798e2aeecc180b14e2feb
SHA1

18cc4c55ebeab72ea8654c3bb7f2aa874221e08f
SHA256

fc48a9c7b795ebb2998461e55216d9b145a1a4a79248e2f2a9a2f737a5b3b7f8
SHA512

26e726ec0fb1ef577d3e697b156c466187a054f3a46e32893c12a3e106b3a470a9a8c68d4d458b612dfd48c0ba0f692e024072ddde70cf56debfe4d6eb63b6fd
SSDEEP

768:QgGzpDwpXGNwopmPZJ7p3uE3NtGttEBToMFcbG5Yz+fj9KXphmoZOV6Rhcu:9GFsp2aoU9p3uzustb+++fpUpo54Rhcu

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2364	AcroRd32.exe
2364	AcroRd32.exe
2364	AcroRd32.exe
2364	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 4120	2364	AcroRd32.exe	92
PID 2364 wrote to memory of 4120	2364	AcroRd32.exe	92
PID 2364 wrote to memory of 4120	2364	AcroRd32.exe	92
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2160	4120	RdrCEF.exe	93
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94
PID 4120 wrote to memory of 2020	4120	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\93c6cba36e7798e2aeecc180b14e2feb_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2ABB7AEB535FBE64DBD4502E6515782F --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2160
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=824ED5176D37780162CC9A65C5C43F53 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=824ED5176D37780162CC9A65C5C43F53 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BBBEAFB1FAACA6168A54A6A001438E21 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4568
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB058A84B8CD7D1542531483EFE02529 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5060BADB50FB3279DEB3ABD2FE923498 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5060BADB50FB3279DEB3ABD2FE923498 --renderer-client-id=6 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1516
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=02EC043602938084A0380D66DD0BBC0B --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
dbcdcfcd90dc0e1be0a8c8f2a4f6c41c

SHA1
7755f371024f76adcf0f4e9f7700a9a808bf9b93

SHA256
097e30abc38d8d8aa353b78fcaa8f5f8d2b15b8847ec9e2f1437c6efc4e324f6

SHA512
bb8d48eee750e5bbf6dbc124f646db66baf00a76da4001b7e142580e777d54bca98917981e92b859f244b38d9f221720aedbcc8202041010384eac20ad1a0974

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ef98c966b6a2873c27529180663cce00

SHA1
b311875ab5822adcb0fb52303e56e2e63231db77

SHA256
a2e702b03b6b6a4b35b5c73d1a3977fff155f62831beda5dc0d0718b0906bdda

SHA512
8e1c0af701ceb006d6d68347166888a14d8609538020c94d568817da562e86ab0711252c70ed4f26105e25f246289b4624c3c0f5061eee2d4d38c29ab1090dc1

Download Submit