a73518351db96aefc5860956d722a9eb1a30be5bdfc2e7b6307c6dfd5eb7ffe3

Analysis

max time kernel
51s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a27c546a31fb48baceff1e3373f9481e_JaffaCakes118.pdf
Size

32KB
MD5

a27c546a31fb48baceff1e3373f9481e
SHA1

861041efa676a72da7ab1fc3a09c1dc278a9a858
SHA256

a73518351db96aefc5860956d722a9eb1a30be5bdfc2e7b6307c6dfd5eb7ffe3
SHA512

5c43db87facf84474f7556e0e382d4a1e7ee95bbdf388d2dd9504fd7d7c7d3f47ad3793bb212b79617d3eccb613faee403c137ff21e880afc5032d68efaf7d98
SSDEEP

768:JXuMZmwgCLWarf0uL4Bx21cCLyLUbK0SmEEuqbe2y:JXFZmGWSFMX22CeLX0SmdRbe2y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4396	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4396	AcroRd32.exe
4396	AcroRd32.exe
4396	AcroRd32.exe
4396	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 3224	4396	AcroRd32.exe	85
PID 4396 wrote to memory of 3224	4396	AcroRd32.exe	85
PID 4396 wrote to memory of 3224	4396	AcroRd32.exe	85
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 1328	3224	RdrCEF.exe	86
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87
PID 3224 wrote to memory of 3160	3224	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a27c546a31fb48baceff1e3373f9481e_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DF72D766B1BCAE9B75A8F9CA85DA24E6 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1328
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B74501E389F638A38CED3A84AB3853DA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B74501E389F638A38CED3A84AB3853DA --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3160
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0489955F875D353EED62622EB32F21EA --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F956F0499762DBB70245299B08AF676F --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3968
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=411905F47B98D67C166D30790B556AE7 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2448
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9722D2D208429D66A7B4D988837554DE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9722D2D208429D66A7B4D988837554DE --renderer-client-id=7 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0948d0369b60fd0d59c0fa9b9d2ab241

SHA1
368ab35eaf6581f32bc28140d0fc0b3ba98263a2

SHA256
7cfba98b35c8d12fd17723ea6c5f7ba3fa4802ce462a9d5188914cf181437938

SHA512
eeef09de40cae06df5e0f8c8a734e2dbe8aa87aeb0617a0adb0e058cf44cfb13ff2eb83cd86c70325ad519ed461b6f67b75d6906146ffb686406a9302f19b8b6

Download Submit