9e399a87fa77a2c8222e240db96c31ea2362b99f03191962293094a6dfd5ceb0

Analysis

max time kernel
52s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6a08639a6ebc4eca596ff9fe40be3b6_JaffaCakes118.pdf
Size

44KB
MD5

a6a08639a6ebc4eca596ff9fe40be3b6
SHA1

0ef596dfd3c1b29405e160b28e667ae89fa68bf0
SHA256

9e399a87fa77a2c8222e240db96c31ea2362b99f03191962293094a6dfd5ceb0
SHA512

1b2ba728fd5a9b1882367c423df7290f03a2fa4dda194f98ef6146f827d6631d973540fb2b069e7b07fb812ea2e8b5056b31609de4ad0b41514a79a7bf93e4f3
SSDEEP

768:qgGzpD4KM8f3xJGDgd+xx5O5VnX9oVXB8J6ytvdSmEZUBtg8lPTCgkZ47L:3GFkOExx5OLnXSX6J7v/EZkpPTnu47L

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3204	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3204	AcroRd32.exe
3204	AcroRd32.exe
3204	AcroRd32.exe
3204	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 1324	3204	AcroRd32.exe	86
PID 3204 wrote to memory of 1324	3204	AcroRd32.exe	86
PID 3204 wrote to memory of 1324	3204	AcroRd32.exe	86
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4872	1324	RdrCEF.exe	87
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88
PID 1324 wrote to memory of 4876	1324	RdrCEF.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a6a08639a6ebc4eca596ff9fe40be3b6_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3708FB1D8ED4BEA7FC64651B82727246 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1C16735BB5B5DBA82332F1D2C34087FC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1C16735BB5B5DBA82332F1D2C34087FC --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=58686903C1CE98B4F52A811B967DD9BD --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3892
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE727F3CFD320A1DA5093C44F45888AB --mojo-platform-channel-handle=2400 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2124
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=787AA27FC0CF26A0885D74562DE0A297 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=77145E0CC294C54022C71D9121B26F06 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=77145E0CC294C54022C71D9121B26F06 --renderer-client-id=7 --mojo-platform-channel-handle=2448 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f10df0c55f72561862dca54ba1292fcc

SHA1
135627b3e101320b7305a6db4a6aaf3dcd9d3fb4

SHA256
e31a76427abe468c88cf7878596dde56d8c5dfaa48ec84c22c1bb43131b72751

SHA512
8df8634e8697278a3ea91430fd67ee1624c893ad587e2866e033c8216880c1b9f47cd0b29bcd0eb4a542f5242a80713c465aa0f47822ebed0c5fb641365ec4d1

Download Submit