cdb43c0c400a4dbdc135184160706b8e2127443d013ff8c7fe5d1aad60b51fb6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 01:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

24404dc03c0450802e5b5fac40368804_JaffaCakes118.pdf
Size

73KB
MD5

24404dc03c0450802e5b5fac40368804
SHA1

cbea5e114fecc876bad9b477ee5deaa86cc3700d
SHA256

cdb43c0c400a4dbdc135184160706b8e2127443d013ff8c7fe5d1aad60b51fb6
SHA512

f551838651d72e4f84f2467dbc1b7fa2c634c524737c58fcf6d3103b17d493619118978433cf494dd7a2a8fb20ee4da48f2309798e16a494357588bff2b5d42d
SSDEEP

1536:/u8uWQw5G+SDXC3NiP48DeP6NElAA4CTvUUAEbDym48PjwKVP:Xr0NyUg8H6lwEbDysPjwu

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1500	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1500	AcroRd32.exe
1500	AcroRd32.exe
1500	AcroRd32.exe
1500	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 548	1500	AcroRd32.exe	81
PID 1500 wrote to memory of 548	1500	AcroRd32.exe	81
PID 1500 wrote to memory of 548	1500	AcroRd32.exe	81
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 4204	548	RdrCEF.exe	82
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83
PID 548 wrote to memory of 3192	548	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\24404dc03c0450802e5b5fac40368804_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:548
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6942D4564A16E96B29F351B4AB6CF24D --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4204
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A99768B76BF34A8239AF3D56B85A3E40 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A99768B76BF34A8239AF3D56B85A3E40 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F1DB878E2DA686A22B05A45BF502BD11 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B3F485593EF62F6531BD868C3F9B9B2 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2272
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8AF4326C354A1BF57A5BC9BA39C3ED6A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8AF4326C354A1BF57A5BC9BA39C3ED6A --renderer-client-id=6 --mojo-platform-channel-handle=2512 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A13A87CE54AF87FB2B0B6F98566305F7 --mojo-platform-channel-handle=2540 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
cdf5eabb679ceaefcd4f6c3d67ddc005

SHA1
9107b4bc2ebe1d15e4300939489672fc295e1dd9

SHA256
a8ee50563c1a3d6614049e86335ce66304e80fd54365b5c14a3733cd81746cad

SHA512
aa2f47ab4069d97761d8e3c196050bc4bb997cc088605a2ba89c6bd5f27437c831b422dd44e4ed916eeda744fb42812ebc1db03b373cd864e4d4434a492feda7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e1a0cad2dca38c6eed96f8efb88197be

SHA1
194e9cb46e85b754b06c36cf0a1cee20d04ee83a

SHA256
39abebaeee185d2aff6e7eaa2590fa4e20c340e0cfd670d3e6b1fbcd23186e54

SHA512
dc70965e61356760494c3a33506a75e951a11601e3f41b8608f8f85454ed9c3fc5f4b923f9a8ab2b4e45df04d66ad5518d15ce46821c4fdcf73b30a80492c8cd

Download Submit