9425af72a62329681aa4bd3f38de306d1f7d829a68a3e6b9febfafa29b02d162

Analysis

max time kernel
52s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/06/2024, 20:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00563d231ebad450ce844d961c7e74bf_JaffaCakes118.pdf
Size

106KB
MD5

00563d231ebad450ce844d961c7e74bf
SHA1

69e3664f712947be1d1baa600f29ff9dcf8a1a85
SHA256

9425af72a62329681aa4bd3f38de306d1f7d829a68a3e6b9febfafa29b02d162
SHA512

e2ed7e642ae87f7969d28964932723b41453ce5d9712a3c8b1cc088bcf63980e7a172786a0783a5a83e8124827c38a854dd471997687032882a58323d444fe46
SSDEEP

384:bONbedw+lJ5R99mnBv9m/2zW+OWmbVtranbg/HXuPgMn2LENDgPbmPTjJtin4eHR:L

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4732	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4732	AcroRd32.exe
4732	AcroRd32.exe
4732	AcroRd32.exe
4732	AcroRd32.exe
4732	AcroRd32.exe
4732	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 3032	4732	AcroRd32.exe	84
PID 4732 wrote to memory of 3032	4732	AcroRd32.exe	84
PID 4732 wrote to memory of 3032	4732	AcroRd32.exe	84
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3688	3032	RdrCEF.exe	85
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86
PID 3032 wrote to memory of 3984	3032	RdrCEF.exe	86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\00563d231ebad450ce844d961c7e74bf_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F99675667586B65976C1C7D54EAEFBF --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3688
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CC71CF80BEB301BC1E812793503892CA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CC71CF80BEB301BC1E812793503892CA --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BA9519FDDE0BEBF17889A0273D0722F7 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3132
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=25C705A331568D5C1F48F6A6B1EF9061 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C6CDA393B7D0640041E8DA7B4F5E46C2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C6CDA393B7D0640041E8DA7B4F5E46C2 --renderer-client-id=6 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=703D586869D978E133DD87444F71E786 --mojo-platform-channel-handle=2536 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
43159412caad447294a88f5f6fa0c780

SHA1
1f1c043f2ea27f458e8e1466ea1d5b5d26221fcb

SHA256
1f800fe4f0d975c4f4102814bd125b26f642897bff1258584699123f8528be4f

SHA512
fe1e15747f4d3c27496bfdec656dd66f75690934bc74fdeb2990530ee40919767fcb8beb65b50e78ef595ad09bfa842e58a3b62dc7f93750cefb367391f0a048

Download Submit