5456b3ff155e8431f76441dedba11a26fd4ecedd53b7516c2b68f5c3138f2e5b

Analysis

max time kernel
93s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

238c2a935144b1d1363d26db2dca55c6_JaffaCakes118.pdf
Size

7KB
MD5

238c2a935144b1d1363d26db2dca55c6
SHA1

bc7046c5bd858a346e83d163f0602574e3a3fb77
SHA256

5456b3ff155e8431f76441dedba11a26fd4ecedd53b7516c2b68f5c3138f2e5b
SHA512

d5013d31a4ce0ca53cce26d9128c3e6f9bc19b5437100a8249633b556179ab1cdc46439db56dca7bee60e091968e684139d752297e0bda8cf7e156a35c9bba7f
SSDEEP

192:mUz4ULMxL1KtZys9+oOQh0oIrOb1bUWawX/q97tuWbBBt0g46yeNtriHK7O2sE:mUz4ULMxL1KtZyw+oOK0otUWawS1tuWj

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2016	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1292	2016	AcroRd32.exe	81
PID 2016 wrote to memory of 1292	2016	AcroRd32.exe	81
PID 2016 wrote to memory of 1292	2016	AcroRd32.exe	81
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 900	1292	RdrCEF.exe	82
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83
PID 1292 wrote to memory of 1424	1292	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\238c2a935144b1d1363d26db2dca55c6_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE4D89D368087CC07700DA19DFC5414A --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:900
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=921ECBB226FBBF5730E385FC7202C05A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=921ECBB226FBBF5730E385FC7202C05A --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6B156F36A54AA0D0DCABDB4F04E677A --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F1ECA6EF29313776EC5F07570D1B0CCA --mojo-platform-channel-handle=2272 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A0B34A72A016FE4F0EA23C092CF97225 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3064
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E026BB2C334D6EBF8CC3B781E1824BB5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E026BB2C334D6EBF8CC3B781E1824BB5 --renderer-client-id=7 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
93b62ce234104b8f1e5e5c0e9410039f

SHA1
fd7bbb7669749f8d20428e2f57fa2bf9f394e4c0

SHA256
ec4825292b717e3bfb243f5a5a13fe8340cc168b08e04031ac3422e0e4a8a9a3

SHA512
6515a18d75ae19836d7896c3b191428eaa0e5514ca792423b562a724e45ae30aa4c36c8cf546fe656c4e253cf79650fc2d7f8afd7e71f058457031a8db981f40

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
44bb4d9e1e84cf49861e4f49e5f5a2c6

SHA1
abe8958354b04dd6e1bebb8576c60dbc6a9cf1cf

SHA256
72d6d246d7f2dad9068383247325c50ce50c784d7b1c3a31b93dd7823507d22e

SHA512
22cef493f86d93248f55456237f6c04266e4f2e7d024cbb73853637aa7d00c11757c5a0bba0464702efe025517ccadefed88d60734574c2e2add278d2a9646be

Download Submit