fc592704ffd1de82e47a01a81e5db0b4fb112782288998de2cf2fe30f298212e

Analysis

max time kernel
51s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1a715a098722199b98da3dfd856b64e_JaffaCakes118.pdf
Size

39KB
MD5

a1a715a098722199b98da3dfd856b64e
SHA1

514111ac469ff85937cf94aeb386251904e30fdb
SHA256

fc592704ffd1de82e47a01a81e5db0b4fb112782288998de2cf2fe30f298212e
SHA512

c27ead7cefc141a974df9749e9e2439b74f9679a332fef70fc434b3b8c0b1f4bcf54bd96c7b1e35eb2ab78b57d5be6b76e92dcb2d5f5f861c2b84114c4ee40a4
SSDEEP

768:ZgGzpD1eI4xx6mq8ZfyYFN1heiGzdXID/jednvyWvxzr13NU+8WZ:aGFpe6WTmYXednRvtrbU+8WZ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1632	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe
1632	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 640	1632	AcroRd32.exe	85
PID 1632 wrote to memory of 640	1632	AcroRd32.exe	85
PID 1632 wrote to memory of 640	1632	AcroRd32.exe	85
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4792	640	RdrCEF.exe	86
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87
PID 640 wrote to memory of 4680	640	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a1a715a098722199b98da3dfd856b64e_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=71ADF03B09A0F69596DC99FE9CCE2EF8 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4792
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B92B586A6B9ACAC9BADDB658C807E27E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B92B586A6B9ACAC9BADDB658C807E27E --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E539B0CBC272681DC1E6BEC78140FA8 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22E3685CABC0A589C5355207FC8157FA --mojo-platform-channel-handle=1892 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1212
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B1D57D868C6015E9BD3FC85E4DB46FB2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B1D57D868C6015E9BD3FC85E4DB46FB2 --renderer-client-id=6 --mojo-platform-channel-handle=1992 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D25726242E77F92EE079096D1F8988B7 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b2e843c8b2c266ec43f8b82ec0db3506

SHA1
4b08e1f041ee304ad25f2fd208e3af729dde6c8d

SHA256
b721d8af748a8c0df3de663215a578d485d4ce1e33dc410140876cc45a5fa0f0

SHA512
395e5b2588d83c6d57f00c5373839dafb79121e5ee9faf2031576c79872ab33fd30ee7c604a13da2c10821cdaee64edc8bcbbcc207b0aa409919de08b259b96e

Download Submit