4adf65a12a321b694138e6eedced2f7b2db076ea2bbf92f899c02811ef851d70

Analysis

max time kernel
134s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

985c4091478f97fbdc5ce86837eb2ab3_JaffaCakes118.pdf
Size

36KB
MD5

985c4091478f97fbdc5ce86837eb2ab3
SHA1

e35205ad6ed34e3b269edd37100b1708e8ec3413
SHA256

4adf65a12a321b694138e6eedced2f7b2db076ea2bbf92f899c02811ef851d70
SHA512

836960487b8208f205ddaddf9e5ea76cae1c52daee24e9febe6d970c25627364799a9e607bcc4acbede6ed2cf4fb5db5f1c022072094111302a85ddad244fcee
SSDEEP

768:TgGzpD5pxE9bivFseBwA46XbjJwdsyeuQQlgSCviqM0nqTV3:sGFtpx/je2vupGSCVnqTV3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4604	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe
4604	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 1784	4604	AcroRd32.exe	89
PID 4604 wrote to memory of 1784	4604	AcroRd32.exe	89
PID 4604 wrote to memory of 1784	4604	AcroRd32.exe	89
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 2920	1784	RdrCEF.exe	90
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91
PID 1784 wrote to memory of 1756	1784	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\985c4091478f97fbdc5ce86837eb2ab3_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1784
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A19B85FA273083D84952910564876289 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2920
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=36BEDFE85EF4049ED8330DA2330A959E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=36BEDFE85EF4049ED8330DA2330A959E --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1756
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F2DAC8F1ADE867398A297EB37917659B --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=02C137AB4B651509BFC9D52B5ED8AD27 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=02C137AB4B651509BFC9D52B5ED8AD27 --renderer-client-id=5 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D22EE6F848F8EEA98F956904DBBE0B6 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A5EFAF3CDA796E1F597031F3F7860C8 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c0693311c582b590e4645bc3d4c19596

SHA1
3cfb95f568cda308caa5269d0ee659731ce23988

SHA256
eb33434930b05dc40e165fcd8fc24f7a539bf2f6b0208f71aa35adf7e97d4247

SHA512
b10a50d284687d48f26d27ce357dbee9b7068327b242896ee0d6d8da6a81e2709b6d1cb2604ada13a365c6e0360aa89eb1678cf214a3caaa85fba88a0ab76c69

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7756816e45d43ce7867cb364e5e35e05

SHA1
ef0afe714b77335d6a4a1ff30529db7c45f42b23

SHA256
8da8e4f1f86a4f61b72ac3c2a963efd369e2c42b670727ae6ca0aaebf2d74c42

SHA512
7155861497fdbee197949806e0ae57353841b9251026d61f492cbf0692037871f232cc469cd30ee05bf6412ecce2f675cd0612475ca038d5b9a3395b6a4ed2a6

Download Submit