42133c942389ca41e9227e0fa9740969af0911a6ed79be475afe702c30873c35

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22b98a404f0368bab43655e892ddb5ec_JaffaCakes118.pdf
Size

82KB
MD5

22b98a404f0368bab43655e892ddb5ec
SHA1

d0dad50586896849a9995ffe88884961db7bf5da
SHA256

42133c942389ca41e9227e0fa9740969af0911a6ed79be475afe702c30873c35
SHA512

ced58307d76edfec7f8fd01b4de337ad7bcb9649660de0e1eda353e5885c3c956094e02e223ac0b55823aa72366e87a724f8036b2edc77335f83b82a759fe537
SSDEEP

1536:JGmhayHubxsuuB2+fHwW/T+qWeSeOpvBFCxVjuWr4k400XumWxApOGE5/pK4:UmhDMxs7lHFiqxSeOp+fjek400+z3GER

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2932	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2932	AcroRd32.exe
2932	AcroRd32.exe
2932	AcroRd32.exe
2932	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3264	2932	AcroRd32.exe	81
PID 2932 wrote to memory of 3264	2932	AcroRd32.exe	81
PID 2932 wrote to memory of 3264	2932	AcroRd32.exe	81
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4748	3264	RdrCEF.exe	82
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83
PID 3264 wrote to memory of 4816	3264	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\22b98a404f0368bab43655e892ddb5ec_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3264
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B1AA010BF497E61F7B4CEA71CA88998 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=82366FB92FD87879B1FBF10991D85D96 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=82366FB92FD87879B1FBF10991D85D96 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7E670427AF47145208F40594D2B3F798 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3712
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05C5FCC39D07DE14F6A3942980D0E85B --mojo-platform-channel-handle=2108 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7532CF23E21D471510454018864E83C8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7532CF23E21D471510454018864E83C8 --renderer-client-id=6 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DF16AE5AF737D19E097EBD380FD3C119 --mojo-platform-channel-handle=2720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1910476ab136cdf93be1aae7c0e8c07c

SHA1
accaf7dfee7740ff7662f36c663e9209adc87613

SHA256
ab0bbbbc21c77a3ed735ead8d89177f7d559c767bad923bda8b8e862f853711e

SHA512
496fc17384bde43fee477f3fd3f6e6ad7ee98e25bf2d7bb6a2a2980ff48a4cba15b4da0dbf27b20c3eb24c5d150aa56fb5b5cc130ce8e66b3f591e8ec7326ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b06002f892043029201aaec365bf8fd2

SHA1
5077b1e57cbbbc120634c062a7a9b99882f3a7b3

SHA256
d7eb5b3d61143c9642ec5487f4feb35a0fe062e8e5f254a4496cae9fda2c77b1

SHA512
9a4ee05beea8710975bbed093d5db7ca3aa3fa23dd06feeaf11e183d29d56ffb4b0cd3ad51aedb38769e4e24709ca6a22882a3d8ccffb04dfd603ffeea1250fb

Download Submit