b9ce18269fd49a22ff42c1f91454d819e8eb73e429cb5f5df449d38e28a0c2fc

Analysis

max time kernel
5s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99c921f55f78f75044e7b3c3edece7c0_JaffaCakes118.pdf
Size

20KB
MD5

99c921f55f78f75044e7b3c3edece7c0
SHA1

46d184febea7925c14715a3e8bdf5fda0e32d2a5
SHA256

b9ce18269fd49a22ff42c1f91454d819e8eb73e429cb5f5df449d38e28a0c2fc
SHA512

efaac427af9eb6b0e8c11ac2109f9e7dfedf6e40df902e624a0bf52da480fae8c95f12174801d21a40180389cd2ef255afe3b26a89d5e9e54fa2b2d94a64a391
SSDEEP

384:Vzy6VSz1Z32s0y5XASm7kuBnBdSgwGNMqq1wpw5ehlDipNghgsjagDKigaEt52Vw:VznSz110y5XASm7kunBd3wKMR1g2sNEx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1624	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1624	AcroRd32.exe
1624	AcroRd32.exe
1624	AcroRd32.exe
1624	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 2680	1624	AcroRd32.exe	94
PID 1624 wrote to memory of 2680	1624	AcroRd32.exe	94
PID 1624 wrote to memory of 2680	1624	AcroRd32.exe	94
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 2620	2680	RdrCEF.exe	95
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96
PID 2680 wrote to memory of 3232	2680	RdrCEF.exe	96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\99c921f55f78f75044e7b3c3edece7c0_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F0D822717C279C998DD6C275AD14BB5 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2620
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=77C5778C5B8A4122303E6E55204BA131 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=77C5778C5B8A4122303E6E55204BA131 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=68F3E5A7802E7723C17DBEE88556753C --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4864
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C0EA873FD6B3F62CF3E68A05AD5008B1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C0EA873FD6B3F62CF3E68A05AD5008B1 --renderer-client-id=5 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2768
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=730D7318EED28971FFC03C3BEB43D326 --mojo-platform-channel-handle=2696 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2248
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F286EFB6C644AEBF97B2C69CF2EE6B25 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
661d6e1ff221487a887904da948d96bb

SHA1
c96d91618e0aa67666999c54e9ec73974edfc34d

SHA256
b0eb35fe78de2f8b36b10d09f5914eab322e05a833181ee1b54367e720c502f6

SHA512
8ddcaf54925ce02c3d1eaef20ae18fd6beee9234f06eab4fd3a6c49e8906df7d96065a6778d6df8487cf105d22906fcefd35ebbc381842e9f98ec2fade47f4b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ca3c32b175687c5e04733e3ef818b60e

SHA1
4d940fa34cf1825887476c1c25f11e6028c924c9

SHA256
7e43ae10b06028629abbb1e64842023ea47b6d4a08f7390396b9a7a0c45f5727

SHA512
371cc47f5872fb8fd066c0deb4ef5b3b9a4e1faa09ccc4664d7add1e3d758f067b39c75b15f01864b6b804e85350801daf8196e4df6ea23133818f8927bb341c

Download Submit