968dd4cf72aeac0c959dd2c781a0fb37113043b36ac16cbd8591aeace8e3705b

Analysis

max time kernel
141s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 11:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b1b29436374ed9a83de574f24cfc600_JaffaCakes118.pdf
Size

132KB
MD5

1b1b29436374ed9a83de574f24cfc600
SHA1

fda59af3ef7a6cda9d3e973d8ef10233140bec78
SHA256

968dd4cf72aeac0c959dd2c781a0fb37113043b36ac16cbd8591aeace8e3705b
SHA512

4ca10281251322c3b70f9023ce3e96d836bf094524a1ff5007231ecd677c694db8d8d523bfb6ffed6bc04b1b55ff72d6d163fbda3c9649bfcc78596650357fe5
SSDEEP

768:IKyLYOYU24YK11/PMSev4ItbHYLsCYQYtIMr6L92BXvZBCcxJ/GFe:9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4124	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe
4124	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 3612	4124	AcroRd32.exe	81
PID 4124 wrote to memory of 3612	4124	AcroRd32.exe	81
PID 4124 wrote to memory of 3612	4124	AcroRd32.exe	81
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1852	3612	RdrCEF.exe	82
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83
PID 3612 wrote to memory of 1208	3612	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1b1b29436374ed9a83de574f24cfc600_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=130534B91AF048DC267BAC2E814E24DC --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D7AE295BBC0B8D595E2FC5267880BC29 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D7AE295BBC0B8D595E2FC5267880BC29 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D73A5A358C156DB1F537C4F5A3909CDC --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=416307330B65668C0187A242E1CF49C4 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5024
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B55A7AE3BFA81F90B741525C2121B90 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B55A7AE3BFA81F90B741525C2121B90 --renderer-client-id=6 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2308
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F25A54CFDA0A89A99F39565978E164E1 --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
99d83c2b1d8610f4d55cf4b0da83cfab

SHA1
564cd114ada8f45e84cde05ba25e09978d6d4fee

SHA256
b2e60a43a939b030e7a414941e3620cd4ff6eae13fd23de5bdd7052a6ab1ab6c

SHA512
17c3c72e473fcd7854b52803ed57ff305baed5cf98214be1833ff155f41755eaec4fe658b7c202df3d6ac1a2c54ab4d188262fd66c6dcbc56a23252ea91f1af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e3a31737d646cdcd48da1541fab1f4c4

SHA1
8a8af9a3d113c5d5591bfc5059bde5005fe60a96

SHA256
05c7612ca484dc2e41424abe7331282cb021a1df614d3da4b28c2f5f334c1daf

SHA512
6fc2e8a6c93494b2133512871695a367d0ecd515f19764b9203dd1493c223537f9a99177f8703dd533865c93fb4c75b896d0bb7d715afeae05749239a211a6eb

Download Submit