5cd4a30d55722ee485f2669efae38489a01e6f7681673a6825a840bdc00b2e63

Analysis

max time kernel
133s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

948325c28c948ebc75620fbf02e45111_JaffaCakes118.pdf
Size

44KB
MD5

948325c28c948ebc75620fbf02e45111
SHA1

18a5ccc23b5c12d6f98fea854d7d95069797609a
SHA256

5cd4a30d55722ee485f2669efae38489a01e6f7681673a6825a840bdc00b2e63
SHA512

5b553ad955d0641f17793660b627d13c03b78a593706d1cb1be44a96586bfaae3912e39da1db5cfa6876cff91393832c278155c55eae0fbea5f70d1d2bf25945
SSDEEP

768:BgGzpDyBVksi8XKX0BYw1WKBiz4hVlrQZrDXN/uUnXDpeNK4WeJGs0TcIFSMVIOm:yGFmBk/uUXDpexW+Gz0MVhbLupx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2968	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2968	AcroRd32.exe
2968	AcroRd32.exe
2968	AcroRd32.exe
2968	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1088	2968	AcroRd32.exe	90
PID 2968 wrote to memory of 1088	2968	AcroRd32.exe	90
PID 2968 wrote to memory of 1088	2968	AcroRd32.exe	90
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 1412	1088	RdrCEF.exe	91
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92
PID 1088 wrote to memory of 4676	1088	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\948325c28c948ebc75620fbf02e45111_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1088
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4015F3EBF9EC31E0AE9E54FC6968935B --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FFA4B36DB4289D8F19759386C49487AB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FFA4B36DB4289D8F19759386C49487AB --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6A81C38B46F8DCA98D0EE89882EC9AA3 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=50019D3639BCF0DDF7487B718653A94A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=50019D3639BCF0DDF7487B718653A94A --renderer-client-id=5 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1916
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3C3537EA7AB5E6B091827EAD3F48C4E4 --mojo-platform-channel-handle=2780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3252
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DDFFE68D69C43C124B4EA63DF9C4DFD9 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e2f474dba3a96eade0c8980909b15993

SHA1
2c5d0a20ca558e4bfb4d4810a1cce5b5e7f1660e

SHA256
c12b45b19661c91d40850133bfc996a94a266d506ea87f213bd05b4948f4813d

SHA512
1385c8f8b0b0a019601d19b921bb4bf40e8c7226de3f3fd0ace9c7270b3c88082dce623f9c3b83800c2f485b5311add1f6bced05728ad44d3c266fbe8408c269

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a9bd1f5663b84bedf885c63454924e5f

SHA1
25bce6664ef84e6f6da4abcee7cd510bf35d15bf

SHA256
1219e12d0c1079efb5cfd4c18720641b1c0faca8ba19207035981b9b76228550

SHA512
0cdfa70cb94f408fcdcaa4da214c573c37745aea4d69ebdb2d2f6c9475621090792f79a65f423ae0d1047a6f954b3f3de135aaefd8e88aae0512d2b6c46a6925

Download Submit