a3a6f716771fb7d2213ffb839bf42d192e2a91bc2a74ea8ac610f193e239f0f5

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0abd4d129ec2566cdcc757eac4ee433d_JaffaCakes118.pdf
Size

15KB
MD5

0abd4d129ec2566cdcc757eac4ee433d
SHA1

546a9c596fda9568371cf6f51bfc14e398991956
SHA256

a3a6f716771fb7d2213ffb839bf42d192e2a91bc2a74ea8ac610f193e239f0f5
SHA512

589af306462160e2764b14262cc3214dfa48583102d1ae3da8853fd9022a37c5389795c957f6fc8288ec2cff3e74bd2cf08bc177e72b27a6ea3f1f55089afc39
SSDEEP

384:5P5uqkV2wz1+Y0lCtkPA9mjwtdpft0cJrq/21jwyVSOYnY4:vYzCGft0cJrquJwyVV6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4012	2208	AcroRd32.exe	82
PID 2208 wrote to memory of 4012	2208	AcroRd32.exe	82
PID 2208 wrote to memory of 4012	2208	AcroRd32.exe	82
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 4804	4012	RdrCEF.exe	83
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84
PID 4012 wrote to memory of 3848	4012	RdrCEF.exe	84

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0abd4d129ec2566cdcc757eac4ee433d_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4012
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=430AA2832F68D9DF5B9DCAE39ADAC239 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4804
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=908766305FC23D05413668E3DB0EBE06 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=908766305FC23D05413668E3DB0EBE06 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9183BE2D89736D4AE2AE648F07E3DDD --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0E121D99CD0CDF0A5FB25ED59A8F5E3F --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3212
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=371C2C00E4EB9EFF762827FC20B7FB19 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1292
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C647242E5B4D0C00207CA26E63BF7EC8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C647242E5B4D0C00207CA26E63BF7EC8 --renderer-client-id=7 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
55a8a2b594cd27776f3cf77bb77f878f

SHA1
4e49a82e8488e18b5fb291511e12003a3ba6625f

SHA256
5fadd452965f2653130ec01170d8f3f27edebaa2a94f4b487fe549e699c9cb4f

SHA512
0dbd5de70391b653371be22d9735ccd2aded2a78194e6646049373dcddd65664bdf81b86178eec5486d196636a53c8f81a1cf29d664aba536740fc9b25b0e01a

Download Submit