35a4134f37bae89cab9c2ea977de2c9be7a2922c4df706225afe622deac80a11

Analysis

max time kernel
141s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 16:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0ecd3ce53eef559bbf1aa4f81ae56060_JaffaCakes118.pdf
Size

61KB
MD5

0ecd3ce53eef559bbf1aa4f81ae56060
SHA1

fae37597ea96a381ed84ef35a26458d7f33002f4
SHA256

35a4134f37bae89cab9c2ea977de2c9be7a2922c4df706225afe622deac80a11
SHA512

116e505399598ef1815025d052f2129f8101d2becdbccfe124d7913720c3cad0bb237d0474e2a47bc31327c61edeb1d0a066016f185e3151684c05ca6b334e0f
SSDEEP

768:XCzWVcUDPQ84U5l3UfbKRkbma7ZVv1gE/7HoI4/Nf1Hhrh3NkQTsAuo0kc3xzpL:NtDiQSfbJbpZVv17Mf93emWo07L

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1340	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe
1340	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2004	1340	AcroRd32.exe	85
PID 1340 wrote to memory of 2004	1340	AcroRd32.exe	85
PID 1340 wrote to memory of 2004	1340	AcroRd32.exe	85
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 1888	2004	RdrCEF.exe	86
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87
PID 2004 wrote to memory of 3548	2004	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0ecd3ce53eef559bbf1aa4f81ae56060_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7E703C0DF9673BA7B761305517A386CA --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1888
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1789B0E9EAA6B506BD867A803C16F704 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1789B0E9EAA6B506BD867A803C16F704 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AE00AC59523082FD6C51B7D358C9F405 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A65168CD09C069583E53713DE86829A --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EDCC1672D12F3C0487AA11FB35162790 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4936
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=54198CAD503DB7118AE42CAC42535C54 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=54198CAD503DB7118AE42CAC42535C54 --renderer-client-id=7 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9871a1b6af2812f1199629b9095aced5

SHA1
f403563050b6e0c76df60df95715154b61742a27

SHA256
50c82a85334bba1b04cd4de01c2412ab31ecce9add8fdd68bc786c27e828bb20

SHA512
e868feb554aa02bf261c6b898bbe064933ca23af871e5a73490b2ba8a067dc93cbada4027567e93e2c1051abdecdf7b7b2479fdf9f099a743bf6b77d9ead47db

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
690d39b6e84fae673ac775c2fa1160af

SHA1
ee630fb2c0e85312308aa590e8edea7ee0f370f3

SHA256
df04e1e04586fdcfd2b0fcdddce1cf69b5f038883855e39a1b586c248399c304

SHA512
d5dd9b521c267dfa15ebe7a69ca08964b6dfa819c565dae271c2daa93a9772a2b8ada114b371a74e98b397915b873f888374a0843a27e378651aaeeb70d0e528

Download Submit