f1bcfba82da7a6b387a65b7780c812fcecb56c1655200c00e472976cbace9804

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d2adb3b8463d249da27b2c50871802f_JaffaCakes118.pdf
Size

132KB
MD5

0d2adb3b8463d249da27b2c50871802f
SHA1

5b4e3d8c0d061a2e6679f085a7ee2cc5feaaf36c
SHA256

f1bcfba82da7a6b387a65b7780c812fcecb56c1655200c00e472976cbace9804
SHA512

2bc4bb721a884c2e8e9abf9015c5dd72388e76092c473387e02dc38232009a38e99b811cc0ba622374e3571d9eddafa9f2adaa8080e7139363c7d93b934cb9cd
SSDEEP

768:T6T43iRui6B9av/+6Z5KAms7Jvr6cI4y/wtYYY4YYYtJRYYYtYYTK8vGYYY8qhf0:d

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
316	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
316	AcroRd32.exe
316	AcroRd32.exe
316	AcroRd32.exe
316	AcroRd32.exe
316	AcroRd32.exe
316	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 316 wrote to memory of 1708	316	AcroRd32.exe	83
PID 316 wrote to memory of 1708	316	AcroRd32.exe	83
PID 316 wrote to memory of 1708	316	AcroRd32.exe	83
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 2080	1708	RdrCEF.exe	84
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85
PID 1708 wrote to memory of 4044	1708	RdrCEF.exe	85

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d2adb3b8463d249da27b2c50871802f_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6CCC8DC6FC0FE4A0844EB08F608CDBFC --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7635AB28D906AFD98DA1C02923720D24 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7635AB28D906AFD98DA1C02923720D24 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4044
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18DD84ACB2DA4870E13504D155C9A24C --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5CFEF67FCBDC43B93B7DE7DB0D5C87E7 --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3864
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7DA4BDA8DF6A22CE74D5148FD1B303AE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7DA4BDA8DF6A22CE74D5148FD1B303AE --renderer-client-id=6 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=49C10304BF355F66C34E6193ADE9ED9B --mojo-platform-channel-handle=2800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
80c253232c817fb73635542b4a1e7887

SHA1
b8b4ada983bb59482a99959c5b2bc9a20319bb2a

SHA256
9abcbf45665433baeeca1ce1e33f40a53d7449b7fcfe9a4bf704438edf2b05ee

SHA512
81502110caa5728d7cc26a939856f488e3f7410ed3088ce94013566b6b577aec87d602cec56682b4c329970a0d21ecba5d1e813e447610425cb89e4d5b3a8482

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
cf0c7181c006d55d18304ea07c203c9e

SHA1
344e88c905783efbbd97c804cc61a5e5e99a5d59

SHA256
910892824100bef778003ea622a5befe42cce1915c07c4985257bfb842e7e717

SHA512
62f7163c8d890ef35115c87fcc87d7536233454f33a727e0ef8df5a925269a4819e14fdaf14e6f438fef86bfd605e187f144c21f2354dfdb4be80b343e33023b

Download Submit