1a9c79d95da4cd693376cb347757ecfbc873a3dfe754e2d7d75f09cc28b8917d

Analysis

max time kernel
93s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a688be5e7da33d412bcd3b2cf9cbd32_JaffaCakes118.pdf
Size

132KB
MD5

1a688be5e7da33d412bcd3b2cf9cbd32
SHA1

dee3210d7e8777fe7c69497c3d5f9e9c1d49a40b
SHA256

1a9c79d95da4cd693376cb347757ecfbc873a3dfe754e2d7d75f09cc28b8917d
SHA512

2773384423e0fe210c896a2cef115622bf2cd8bb765829b3a1bae484a65f4a3f9ed165e62238b792bfc4512282fa88e643b2691a966eed9e2e8ca10dbdaccaa4
SSDEEP

192:bONbedw+lJ5QslPRtV9H30eVvAnhST1yAJEmz5spYmqtmYimzmemMmumE3GPoqaJ:bONbedw+lJ595spYt2iVBNBx3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4532	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe
4532	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4864	4532	AcroRd32.exe	80
PID 4532 wrote to memory of 4864	4532	AcroRd32.exe	80
PID 4532 wrote to memory of 4864	4532	AcroRd32.exe	80
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4844	4864	RdrCEF.exe	81
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82
PID 4864 wrote to memory of 4872	4864	RdrCEF.exe	82

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1a688be5e7da33d412bcd3b2cf9cbd32_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4864
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=30D1FFE8B944A8DD27A59D72A39B9ED5 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4844
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=28258AC9CA8D4C90F9CFAD94E42DDFD0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=28258AC9CA8D4C90F9CFAD94E42DDFD0 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A4E23F30A272CDA7CC533A49FFB65774 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D745D80CC4A323FB8B8F0A1775B26A79 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3704
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=24B677235D324FFC1D9A2BB6647DC3A5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=24B677235D324FFC1D9A2BB6647DC3A5 --renderer-client-id=6 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FA37850A758BC7ED15562EE7C82BFD99 --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0e4d7f257013a8ef37e770e88f43cbb7

SHA1
51fec7130e4b181774c3250a90e1f69e37ba044b

SHA256
e46545fd9bd29bffa219ce32f37f672190d3623be81abb3bcecfdbc0bc26302c

SHA512
f30bdf5760f10f54dcb8a28678c23a9ab3cb2de5ad7884da66ad3874dffd86318425faf26dbffe352dc3b4db131c73fe4c18f8d4afd37edbb5450d7f46ee7b36

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
703e11b1ac2a3bc653de3743f89d03c5

SHA1
7209d935e7c3b09bbd705a7ce5eff2465a96be7c

SHA256
5ecc1b0c0ded20c96ce1cf141b3f63fcd5fa637f8d1a87c9aee8a7f6ed44b01f

SHA512
a10cead17dbfe8e37176e2e0ffd82d8dbed291d275c308c44eba94227c63e944455645e81e502a6388c06b48abeb54e9e033be0ac3ae84c1826817f0c16b6179

Download Submit