5ecaed488b032a5abd983df2e59ca3b9dd576c008af624793c06a5502760e3c2

Analysis

max time kernel
80s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 09:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d9efd417838eac690c9a9d8239d8e3c_JaffaCakes118.pdf
Size

12KB
MD5

0d9efd417838eac690c9a9d8239d8e3c
SHA1

fd81e4b1433dad3ea0c964e88295b79efa536fd3
SHA256

5ecaed488b032a5abd983df2e59ca3b9dd576c008af624793c06a5502760e3c2
SHA512

de5e62afda9cbd5eea48d77d3362bbc4ddfbd79491bba527ad58159d547d7f303b432536cfbd63657439089c5063704567b666bb64e2c075d27f487a609da834
SSDEEP

384:bONbedw+lJ5URBw7JypHCHQYnNRpdX5+6GBpCzoB316XgJesvQEerEGX6xzcpwyr:yRBw7JypHCHQYnNRpdX5+6GBpCzoB31m

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4532	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 3164	4532	AcroRd32.exe	80
PID 4532 wrote to memory of 3164	4532	AcroRd32.exe	80
PID 4532 wrote to memory of 3164	4532	AcroRd32.exe	80
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 2904	3164	RdrCEF.exe	81
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82
PID 3164 wrote to memory of 3732	3164	RdrCEF.exe	82

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0d9efd417838eac690c9a9d8239d8e3c_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F57754D07DE16750C65427139BE6E44F --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=17D5E5EF56019C5D8261A6EADAF7465D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=17D5E5EF56019C5D8261A6EADAF7465D --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3732
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FAD29FCCA062238259F0D7DF3FE99172 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E1FD4C5B1EDF5E8F6FA0741A68AC107 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1D9B2808E2F361693E3CED259ABBDA04 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C6BD1DDB5DB79C29F7198E7881C1F167 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C6BD1DDB5DB79C29F7198E7881C1F167 --renderer-client-id=7 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d1397bdc9458582b54af4dcbd28e3c77

SHA1
853e1621f71d67c6576394b839b1fe2adba1ce98

SHA256
aa9191e79ad3226a8b3d7bdc720ed4db68751b87878258c8b09f39ac36e7121e

SHA512
01e22322870349baf90b94cc60e5c455a2ba70e6f89d9fe072e054f412ca18928fe0b127189d63dacd9ce732897790c22b64611004ffaeab5f8192b4fdc77333

Download Submit