d8a3efd75277299ded3f5f7f82e19ac8f26726efae378a02194339ad2c0f45e4

Analysis

max time kernel
51s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a86cd43e6c879702f78e70f9975f9037_JaffaCakes118.pdf
Size

186KB
MD5

a86cd43e6c879702f78e70f9975f9037
SHA1

80070c68c5561accb8c99b8ed2dfe2635d670b0a
SHA256

d8a3efd75277299ded3f5f7f82e19ac8f26726efae378a02194339ad2c0f45e4
SHA512

57b3ea9ceabdf9bc9e305e76acc4e16d1f069ebbf7a49a8a7222d1af036fda72bb63789693e7353bcc6808bee14edace429e5db692a85dafbffb3fc955f62545
SSDEEP

3072:Xl2irbxzGAFYDMxud7fKg3dXVmbOn5u+6KjnnQ8N+WQFUx35rkSPSE:V2MKlWQ7Sg3d4bO3Q8N+zUXkk

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3740	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3740	AcroRd32.exe
3740	AcroRd32.exe
3740	AcroRd32.exe
3740	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 1876	3740	AcroRd32.exe	85
PID 3740 wrote to memory of 1876	3740	AcroRd32.exe	85
PID 3740 wrote to memory of 1876	3740	AcroRd32.exe	85
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 736	1876	RdrCEF.exe	86
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87
PID 1876 wrote to memory of 3268	1876	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a86cd43e6c879702f78e70f9975f9037_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91BBD480E81F8FE5D35506235C6AA930 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=632C07549D6F4557235552E90BA88D9B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=632C07549D6F4557235552E90BA88D9B --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3268
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18B7E72B61294EBBE4F4C935B6526B81 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1764
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B2B03556E63457D6D4093EB45706720 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3140
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F92486100699ADC0ECA1319223CF40EF --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4732
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=68EB1FB1B7D55BDE80C4415916FC026D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=68EB1FB1B7D55BDE80C4415916FC026D --renderer-client-id=8 --mojo-platform-channel-handle=2460 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
03f52cad43bf9ca8c1a2697e31e3183c

SHA1
450dd9918de236f45974f5b2eb0d79deae29c677

SHA256
b2a0f322748a6d65e8d0893b1c4392505720c61b8c9b3ec2876777d3a6a13178

SHA512
4e030e9db8125a17df78d75b0712e8b489f4518ff86b5ffd4e14042596ac26baa886734d185f0b9a7d760798e98d189f3a41510dbf2300ef4214ff73279907d3

Download Submit