d2057a36e6f765806a50676983dfa099e066006bda8ca4917fa310a5edc57798

Analysis

max time kernel
129s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 08:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

941b699bb31184062b76e4aaef80f286_JaffaCakes118.pdf
Size

48KB
MD5

941b699bb31184062b76e4aaef80f286
SHA1

189f496b395b52238e789d6858e25076f1ccfaf6
SHA256

d2057a36e6f765806a50676983dfa099e066006bda8ca4917fa310a5edc57798
SHA512

061f3c0c555f4fbfbfc9fbba9a724ea767e38cae78c8f8f7e7ea03a1c9ab6120ce6918b05e643a5b665b21f3dd7aa645c997f8f362d8e1614a44a871607054aa
SSDEEP

768:1pgGzpDlwEV8qIGdyHVoCr1+5Lu/CHEsEayBlmGcaQeO6qe8tJqBdwWBYdPFBDj7:gGFpdYsEuyBprPhv8bqBy0Y9j/fj/WNw

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1772	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1772	AcroRd32.exe
1772	AcroRd32.exe
1772	AcroRd32.exe
1772	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 4536	1772	AcroRd32.exe	92
PID 1772 wrote to memory of 4536	1772	AcroRd32.exe	92
PID 1772 wrote to memory of 4536	1772	AcroRd32.exe	92
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 4672	4536	RdrCEF.exe	93
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94
PID 4536 wrote to memory of 3776	4536	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\941b699bb31184062b76e4aaef80f286_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=56B8B54A2B8995E336E665B60021AFC8 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2BA5E03BA3789E0271574C14D64E67C7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2BA5E03BA3789E0271574C14D64E67C7 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3776
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=54E9F081CB0BE72328A4A0B539FF58BC --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A25EA794F99EA1FB5726AC8F58F20DE2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A25EA794F99EA1FB5726AC8F58F20DE2 --renderer-client-id=5 --mojo-platform-channel-handle=1872 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BACBB7854129498369FA4848900E84AC --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4936
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2ABCB852FDC669D658C809085CD6B702 --mojo-platform-channel-handle=2840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
2d0fc1997f8a2d17151c8b08ff187422

SHA1
76d411199f7f16dc85aaffa3120f437030e7d70c

SHA256
fad9af4e5a3e653201d625b9cf459356540d443e14802fbbc008e341e459533f

SHA512
65649a4d8d300b3a005c9b800d8cdef594fe6a9a032a072e796274e81377e8984c0833629f7807e06b96220814e60bc58ff26806d837b8b8af3fd441fc9b67b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
69ee2b04e50c3674d85732b869e54770

SHA1
1b785f9f9f714109e0e7a2faab44006bf29f270f

SHA256
5724a6616890a56cfaa7e7ae386fe9610c66dc32faf1632eb9d95cf042cb8a4f

SHA512
7de8a3818575ee22de5ac172c8e1c50ea88812eb3a1e09c7d45d5679ea80383f94b63ee5adeeff49b718a111905661b9d6ddcc2a79ff4f76917f64730b8d5380

Download Submit