cbc85843c34ad6f935ef815ea1f642a67faec03d80b1f608b3b3c2777494e185

Analysis

max time kernel
93s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

231513a764e68b5036ca64fb9e6aa7d7_JaffaCakes118.pdf
Size

76KB
MD5

231513a764e68b5036ca64fb9e6aa7d7
SHA1

80c99ba0f132917ecd51179b73dbc9d32b1e9a75
SHA256

cbc85843c34ad6f935ef815ea1f642a67faec03d80b1f608b3b3c2777494e185
SHA512

a08ef51f887ef0e199e915c1894a74fe840de1553412662eb50f52549e487cb2f6168cc94d2b043bfee6cc5c12d447d077f1a4ea6b82324267f0c1c141f7d92a
SSDEEP

1536:XNkRN8Q9RiAYrDu9q/jXtqLdURellawIn1WGpOK+vyuuWhSSrqE4kNf5K6:dELrYrK9ZpUR0WnqK+6u3ZrXx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2472	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2472	AcroRd32.exe
2472	AcroRd32.exe
2472	AcroRd32.exe
2472	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2044	2472	AcroRd32.exe	81
PID 2472 wrote to memory of 2044	2472	AcroRd32.exe	81
PID 2472 wrote to memory of 2044	2472	AcroRd32.exe	81
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 436	2044	RdrCEF.exe	82
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83
PID 2044 wrote to memory of 1076	2044	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\231513a764e68b5036ca64fb9e6aa7d7_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB8AD34BDE9325A427528D883CC85E6C --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:436
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E92D3EB9D0854ED186171BD5F8A16D74 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E92D3EB9D0854ED186171BD5F8A16D74 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=76DF612A966F9F02C86746B147AD5D07 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29A660418DFD7CC3E9CB30F0DDDECC37 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5056
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=014D838A4AB38C11F0AF6A3B0BE70256 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=014D838A4AB38C11F0AF6A3B0BE70256 --renderer-client-id=6 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E310845DE3A4292D776745B47DE51588 --mojo-platform-channel-handle=2660 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8cec9436b8669cdb09594eee1e1f0b2f

SHA1
25e2f42139eeb4a4d8f84c47fd61a130b458bc82

SHA256
22b570ac6853cee6b8b9f68c5f661e7d36b31ea02e4828e71e1bdd303221b972

SHA512
72597320bc4684ef4ba0b83a8595a9df6f45d175c3a4ece180093a4066de83a7205baecc1c35ed2456710a213b20f79a28d5d6155278936340830a1623c70319

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
97e27db465c9a743caa0d4af14b8bf1a

SHA1
a6f5a335781ec411d5ee8525e6e32af3cad9d49a

SHA256
0fd364687554703a53d3913c4a9d8c057463c882889bf62f4fe511833decf772

SHA512
c64c1af497933c2508ed0aa043aa0d60f39af79108b360c72e41f2cff74c00b798d9c433d28ed3f50213cd322f74e31d9ba54db81026def5cc83b9d998563b3d

Download Submit