ac1a9b8ca478f8c500f3f8fbbf42338485ba4e115de1992360975153e1603286

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b3d009ae82d82d7e5ef99dbe663923db_JaffaCakes118.pdf
Size

41KB
MD5

b3d009ae82d82d7e5ef99dbe663923db
SHA1

0dda4f9b4cddf9b87ac8b50186677f1993bbb262
SHA256

ac1a9b8ca478f8c500f3f8fbbf42338485ba4e115de1992360975153e1603286
SHA512

5956a2a09bb29b843d9b917428915612ef61289333cd5f94ff4fa61e0a341303e0decca5dad07aa2f571738a17ab27728f4d27f07d8871e3507ea284922f3738
SSDEEP

768:5XuMZmwgCLWarJX42g3YAJ4ZDHUR5UrqAOWWSfR6Qpr8C7kFY:5XFZmGWSmv3tJ4ZYDUGAOWW86C7kFY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1140	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1140	AcroRd32.exe
1140	AcroRd32.exe
1140	AcroRd32.exe
1140	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2676	1140	AcroRd32.exe	85
PID 1140 wrote to memory of 2676	1140	AcroRd32.exe	85
PID 1140 wrote to memory of 2676	1140	AcroRd32.exe	85
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 5004	2676	RdrCEF.exe	86
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87
PID 2676 wrote to memory of 4976	2676	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b3d009ae82d82d7e5ef99dbe663923db_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9D90361F20667FBA967164A9874A2C4 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=87C45C23FAB3B4EFB5EA9FEEA0E1B661 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=87C45C23FAB3B4EFB5EA9FEEA0E1B661 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=32810D4160AF7B9CB2E45EFDED8A530D --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1620
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1421AFE02D6B73E7A63DABA7A31A99FB --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29EA1729A8CACDC65913A8AB54E805C7 --mojo-platform-channel-handle=2356 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A2B9BD556C99B5A5A2C3D1B5A278A954 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A2B9BD556C99B5A5A2C3D1B5A278A954 --renderer-client-id=7 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1c61b0230569760207d180366b718827

SHA1
938a64f57abef3e690f7246b5539518fef4918c9

SHA256
e4c2046200c5252e4c4f0f517b362e702c2bc77705f79116762e8363a8240de8

SHA512
b0b29149bc9a781b7489e0f9e01682fecbfd0d3dbbdb5b2d5e604e08f3e2e161239f5f117c539d29e993db0aa29ed3f5372a8fd08c0363203eacf63f1234b401

Download Submit