Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

24404dc03c...18.pdf

windows7-x64

1

24404dc03c...18.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 01:58 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    24404dc03c0450802e5b5fac40368804_JaffaCakes118.pdf

  • Size

    73KB

  • MD5

    24404dc03c0450802e5b5fac40368804

  • SHA1

    cbea5e114fecc876bad9b477ee5deaa86cc3700d

  • SHA256

    cdb43c0c400a4dbdc135184160706b8e2127443d013ff8c7fe5d1aad60b51fb6

  • SHA512

    f551838651d72e4f84f2467dbc1b7fa2c634c524737c58fcf6d3103b17d493619118978433cf494dd7a2a8fb20ee4da48f2309798e16a494357588bff2b5d42d

  • SSDEEP

    1536:/u8uWQw5G+SDXC3NiP48DeP6NElAA4CTvUUAEbDym48PjwKVP:Xr0NyUg8H6lwEbDysPjwu

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\24404dc03c0450802e5b5fac40368804_JaffaCakes118.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:548
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6942D4564A16E96B29F351B4AB6CF24D --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:4204
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A99768B76BF34A8239AF3D56B85A3E40 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A99768B76BF34A8239AF3D56B85A3E40 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3192
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F1DB878E2DA686A22B05A45BF502BD11 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3080
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B3F485593EF62F6531BD868C3F9B9B2 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2272
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8AF4326C354A1BF57A5BC9BA39C3ED6A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8AF4326C354A1BF57A5BC9BA39C3ED6A --renderer-client-id=6 --mojo-platform-channel-handle=2512 --allow-no-sandbox-job /prefetch:1
                3⤵
                  PID:4748
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A13A87CE54AF87FB2B0B6F98566305F7 --mojo-platform-channel-handle=2540 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:1580

              Network

              • flag-us
                DNS
                154.239.44.20.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                154.239.44.20.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                71.31.126.40.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                71.31.126.40.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                0.204.248.87.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                0.204.248.87.in-addr.arpa
                IN PTR
                Response
                0.204.248.87.in-addr.arpa
                IN PTR
                https-87-248-204-0lhrllnwnet
              • flag-us
                DNS
                144.96.55.23.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                144.96.55.23.in-addr.arpa
                IN PTR
                Response
                144.96.55.23.in-addr.arpa
                IN PTR
                a23-55-96-144deploystaticakamaitechnologiescom
              • flag-us
                DNS
                95.12.20.2.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                95.12.20.2.in-addr.arpa
                IN PTR
                Response
                95.12.20.2.in-addr.arpa
                IN PTR
                a2-20-12-95deploystaticakamaitechnologiescom
              • flag-us
                DNS
                28.118.140.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                28.118.140.52.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                86.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                86.23.85.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                206.23.85.13.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                206.23.85.13.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                172.214.232.199.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                172.214.232.199.in-addr.arpa
                IN PTR
                Response
              • flag-us
                DNS
                11.227.111.52.in-addr.arpa
                Remote address:
                8.8.8.8:53
                Request
                11.227.111.52.in-addr.arpa
                IN PTR
                Response
              No results found
              • 8.8.8.8:53
                154.239.44.20.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                154.239.44.20.in-addr.arpa

              • 8.8.8.8:53
                0.204.248.87.in-addr.arpa
                dns
                71 B
                 116 B
                 1
                1

                DNS Request

                0.204.248.87.in-addr.arpa

              • 8.8.8.8:53
                71.31.126.40.in-addr.arpa
                dns
                71 B
                 157 B
                 1
                1

                DNS Request

                71.31.126.40.in-addr.arpa

              • 8.8.8.8:53
                95.12.20.2.in-addr.arpa
                dns
                69 B
                 131 B
                 1
                1

                DNS Request

                95.12.20.2.in-addr.arpa

              • 8.8.8.8:53
                144.96.55.23.in-addr.arpa
                dns
                71 B
                 135 B
                 1
                1

                DNS Request

                144.96.55.23.in-addr.arpa

              • 8.8.8.8:53
                28.118.140.52.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                28.118.140.52.in-addr.arpa

              • 8.8.8.8:53
                86.23.85.13.in-addr.arpa
                dns
                70 B
                 144 B
                 1
                1

                DNS Request

                86.23.85.13.in-addr.arpa

              • 8.8.8.8:53
                206.23.85.13.in-addr.arpa
                dns
                71 B
                 145 B
                 1
                1

                DNS Request

                206.23.85.13.in-addr.arpa

              • 8.8.8.8:53
                172.214.232.199.in-addr.arpa
                dns
                74 B
                 128 B
                 1
                1

                DNS Request

                172.214.232.199.in-addr.arpa

              • 8.8.8.8:53
                11.227.111.52.in-addr.arpa
                dns
                72 B
                 158 B
                 1
                1

                DNS Request

                11.227.111.52.in-addr.arpa

              • 8.8.8.8:53

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize

                64KB

                MD5

                cdf5eabb679ceaefcd4f6c3d67ddc005

                SHA1

                9107b4bc2ebe1d15e4300939489672fc295e1dd9

                SHA256

                a8ee50563c1a3d6614049e86335ce66304e80fd54365b5c14a3733cd81746cad

                SHA512

                aa2f47ab4069d97761d8e3c196050bc4bb997cc088605a2ba89c6bd5f27437c831b422dd44e4ed916eeda744fb42812ebc1db03b373cd864e4d4434a492feda7

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                Filesize

                64KB

                MD5

                e1a0cad2dca38c6eed96f8efb88197be

                SHA1

                194e9cb46e85b754b06c36cf0a1cee20d04ee83a

                SHA256

                39abebaeee185d2aff6e7eaa2590fa4e20c340e0cfd670d3e6b1fbcd23186e54

                SHA512

                dc70965e61356760494c3a33506a75e951a11601e3f41b8608f8f85454ed9c3fc5f4b923f9a8ab2b4e45df04d66ad5518d15ce46821c4fdcf73b30a80492c8cd

                Download Submit

              We care about your privacy.

              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.