446b126b3ee35bf32b82f35c909caae4e5fc2d17bb5d6080b93a8b3a790e1b44

Analysis

max time kernel
94s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 14:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16628f0326decc453df12a1da4d98b79_JaffaCakes118.pdf
Size

1KB
MD5

16628f0326decc453df12a1da4d98b79
SHA1

39ffae0f312a806749a9a92cf7ff4e9555c92e15
SHA256

446b126b3ee35bf32b82f35c909caae4e5fc2d17bb5d6080b93a8b3a790e1b44
SHA512

5ada087b6c3e6a3421eaf7c3bb9d8070eb1b84d27cfdb7166c1046f6ec08ec0c3e540f85b4f608b769148b8a94133407455f8d76bb5f1baa978fd1720d3e35d0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2536	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2536	AcroRd32.exe
2536	AcroRd32.exe
2536	AcroRd32.exe
2536	AcroRd32.exe
2536	AcroRd32.exe
2536	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 4468	2536	AcroRd32.exe	82
PID 2536 wrote to memory of 4468	2536	AcroRd32.exe	82
PID 2536 wrote to memory of 4468	2536	AcroRd32.exe	82
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 3496	4468	RdrCEF.exe	85
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86
PID 4468 wrote to memory of 2300	4468	RdrCEF.exe	86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\16628f0326decc453df12a1da4d98b79_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AFFF4F05AEA212425135828AA5BB68EF --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3496
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E4DFEEDD4C526FA4267EC71309E2D3ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E4DFEEDD4C526FA4267EC71309E2D3ED --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B13A65C05891C6628E0207534F97992 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5104
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9983436F9E1DD3622416B49AAFE16D9 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=86CC14207E4D4D012D145A7C3256DF1B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=86CC14207E4D4D012D145A7C3256DF1B --renderer-client-id=6 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E3077306D7A7E540DF0AC26CF42812FF --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e7e1d45d0bcc8182cb400b145d6371ed

SHA1
f11ceb454ac796351cb3b3ac71bbeca133145f7d

SHA256
b38429b843e92783b13b28e87a18d65194248fe78d2738f1b4dda8a6a3e2e357

SHA512
5d8eceb14d78355b3d577acb6d6b8417416af5b881f517e6215fb0fee8a025deeb75de3e96d5eae2acfeb4b012baa2e66e05414ab03454d9999599256851233c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
45305e67ee178e5230101ee1a1cdb30e

SHA1
13f84b31e5442b120530be71e2a43c61ea61b7e6

SHA256
c107d3cee24ab65016e0b2edbc9bb6028a65808ab9b91ed62d4ca9ae74bd9ad5

SHA512
05444e8443819b6b8e33f1cc589c24f717c91a00f1d78220808f34c0f22f5f204e9d360fa063e753028822d639fe14cee3873ab314d5a44ce01b073879396ba9

Download Submit