ec2769da2a081c2525f312f728b81932f06aabb700671a2be8668701b8b892a1

Analysis

max time kernel
135s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94c242395970728374bea2e18971ba00_JaffaCakes118.pdf
Size

63KB
MD5

94c242395970728374bea2e18971ba00
SHA1

4ac6bd3769565582b66fecda572cada44c6bdf88
SHA256

ec2769da2a081c2525f312f728b81932f06aabb700671a2be8668701b8b892a1
SHA512

c6fc4c5d50c73db88ba38dc30a1f1cbb65583223534f25251b7458500cd053eeff318e7d597f0f213eb249b596bb927585053ac2817721a2557cb68c346ed9e2
SSDEEP

1536:iGFVnWuQ3LtnzDlXHx1mtMgdvV5b3COzpgHhycCOIrmJ/g:bFVnYbtnzlHDm+gVxzCBEOIrP

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4116	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4116	AcroRd32.exe
4116	AcroRd32.exe
4116	AcroRd32.exe
4116	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 4516	4116	AcroRd32.exe	91
PID 4116 wrote to memory of 4516	4116	AcroRd32.exe	91
PID 4116 wrote to memory of 4516	4116	AcroRd32.exe	91
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 1720	4516	RdrCEF.exe	93
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94
PID 4516 wrote to memory of 4932	4516	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\94c242395970728374bea2e18971ba00_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4516
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3197B8DB07D5228B24F0D060E9C09309 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3197B8DB07D5228B24F0D060E9C09309 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1720
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F300D9C7E5DEA8BC4E6CD3BAEC778430 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=31FD956F73368271A95E44443276C01F --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0AD22A377DB32BD6C72636BB7E1AB37D --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2D2632936474DE0EC1BE22D989FF8DD2 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AFF674768D43BA8A9A9E693D04E1032C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AFF674768D43BA8A9A9E693D04E1032C --renderer-client-id=7 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
82efbc3e6806eb0a185a18fc2bdc21c6

SHA1
a2cd21806a991e65c86f6a14aee367783ebb04c8

SHA256
a7e3ecc25ba09ab67388b267812287ac7971bca34a0ed40211a057466069b45d

SHA512
62b2cbcedd2270bc873ef967ee77768e6e1080f2150191cdcd414cc4129ca4d895f30efdbd0c915ce84dfc1837af0ef65b5dcf155ebebeb4ee415242856ba51c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e9dcb98a117223d7f68b1c9ab43a0db4

SHA1
9aec4aeb9dca42e264c265efc7064ae1987f5c6d

SHA256
be601b9b8b05d7c61ff94c9a163d6aa62f36e3cece6b339da662a17049a3c89e

SHA512
f85bb59f8862e58cb12cbe42ebd6cc07ad57214b55923c251f5cf9895a59215b6926e6f601a6a34e5d0c2178cb587d19a6ca464978a68401c693df82e8d220af

Download Submit
memory/4116-28-0x000000000AEB0000-0x000000000AF00000-memory.dmp

Filesize
320KB

Download