f07963e6f7d16485bd1f431e1372ac38a74866e70fbbccff469975ee779b2604

Analysis

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96befb69ac3f4dac9262aba2ffd5244d_JaffaCakes118.pdf
Size

61KB
MD5

96befb69ac3f4dac9262aba2ffd5244d
SHA1

3a3f09efd875079f4c6d3b6eef338ad359c2bd9e
SHA256

f07963e6f7d16485bd1f431e1372ac38a74866e70fbbccff469975ee779b2604
SHA512

e3e2c7c5fe0c19bf5d09473a47c893fbf9f8e720a8420d498f18837e8a5396e6190c7aba3874716587641c4b08f46455307fc8d47040f1048e73f37fab7fee39
SSDEEP

1536:aGFje9UuoNrl52vUxqI808+tzelWplLqZqG05be:DFje9Uu0l4cMIjtzLleZqG0M

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3032	AcroRd32.exe
3032	AcroRd32.exe
3032	AcroRd32.exe
3032	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1392	3032	AcroRd32.exe	93
PID 3032 wrote to memory of 1392	3032	AcroRd32.exe	93
PID 3032 wrote to memory of 1392	3032	AcroRd32.exe	93
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 2968	1392	RdrCEF.exe	94
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95
PID 1392 wrote to memory of 1544	1392	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\96befb69ac3f4dac9262aba2ffd5244d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1392
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8F4F64C6808024864A1E7CBD631FA165 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2968
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D000131D7FD48295B764B3361E76CFCA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D000131D7FD48295B764B3361E76CFCA --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4AC2D536867538DF7813D1C415A1FF0E --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5056
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EF32F179A5A5240624F271B6FD6D465D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EF32F179A5A5240624F271B6FD6D465D --renderer-client-id=5 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AF6F819B93614570E3445424B9A1AFF9 --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D08A7D4EB78326C963430A0B05FEE19C --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
71baf63ad36cc60b9f4e1f23a0d6f5fb

SHA1
89fc97e09d1316b3f078a3f8100b6cf972d60868

SHA256
1b30a74fc8b46360275b51778fb7a8645e95ceba82a60259cf9e7821669b282f

SHA512
1877d8f231cb0445016ad3dfcf8282f03cecc1beb686d75200f3dd0bfdc9bb534b3e6052f3a5eb6bd7a3e065a08865fcb236bc22e691d2fd56034d19f7a50944

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1f9c7b06feb85d867ff6813c0b2afe1a

SHA1
c0377a28bf5c4c918084bc5ad6445ff4116d6c4c

SHA256
418e3f8e46538856809d5a0ee6ce2d8ea7347404a6ec94242315b093c2d93cdf

SHA512
0eb25ef36d0123922ecb5a377d94f86f49878f11804efa165b5e2c015d1d418eb72d667cfaad9492b6856158d1b8d8660f7cecc0b9c4b66c94199d2179bd02d3

Download Submit