913deb293b62c9530ae7b66bd55a882c1aa7c4b456fc1f0c1967aa07e7f07f69

Analysis

max time kernel
130s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9537396d8ddee3b1b215ada1acbed977_JaffaCakes118.pdf
Size

45KB
MD5

9537396d8ddee3b1b215ada1acbed977
SHA1

f90c33e187e4c3de73f896458dacf9e3ca4a3124
SHA256

913deb293b62c9530ae7b66bd55a882c1aa7c4b456fc1f0c1967aa07e7f07f69
SHA512

e02366ca9c2aede07e36339bd89850361db071f88e47a5e85619fad8ffa1b9b5779a4bf1799274addf013225554fbee55d5ea88ed6be34a851c0ba6180d79e11
SSDEEP

768:ggGzpDtHwUlONLYIa3Q+CNm9bhWz8Y2wkKpgfKimyeS0GqND9iNnVmnjxHM+:tGFRrXTjhwkEDSVqNDCVmjxHM+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe
4712	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4368	4712	AcroRd32.exe	87
PID 4712 wrote to memory of 4368	4712	AcroRd32.exe	87
PID 4712 wrote to memory of 4368	4712	AcroRd32.exe	87
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 5144	4368	RdrCEF.exe	88
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89
PID 4368 wrote to memory of 712	4368	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9537396d8ddee3b1b215ada1acbed977_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=317CFE342A0895D62BCCC9255865285E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5144
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D27F08499DBE8653CB1EDB5440B3AB59 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D27F08499DBE8653CB1EDB5440B3AB59 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:712
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=42C6635A9175A5DCE2107363A8C7FE25 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3358890E7966BEC5ECEA29CC7E5EC1F3 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3716
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3E0F3BEB0B344BC09D8F31B2BC616EB4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3E0F3BEB0B344BC09D8F31B2BC616EB4 --renderer-client-id=6 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E3CB3778F565D79F364CEB1E7AEC202B --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6067def5f5d37e3874e7e20896acd5d4

SHA1
8e4be785479610e26e132aa8df106e026600f6d1

SHA256
30cb77b20b815522879d55b2a3800541996fe288ca7f1ef0e290e65c1098935f

SHA512
f96f3637b827f1b0c9fcec107a267882246b5b50299319108338124eb3170ec0e722ced5fd670cb047cf5f8c24ca6cf02b5d9b5ed38b35215b13fd2993571a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9e1fd61fd9c246fb3ac82c96177a117c

SHA1
a0288990c18fa05770a14d51479c3bdb4ffa80f5

SHA256
d8b31e6c060b84817fbede1a4f95ae68ccd1814ee5e7baa2100c133b3e5ba3fb

SHA512
b34913a326695c43be7d7305ecd3016e3b51ced0f73b37a7b6df2fe69b731c033fd8b9e12dc1e5d801df82596e110eeea58eb8c5785713e6fd18d0f4f86265b6

Download Submit