aa8412e7ac008675a04fcd29f12f72468ea81f3719f8fade06a7ca645b9e2a49

Analysis

max time kernel
91s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

254100ffe704afada9b3ef933177a709_JaffaCakes118.pdf
Size

78KB
MD5

254100ffe704afada9b3ef933177a709
SHA1

06f3e4a8d3b7588673be9e68d6221b76ffb1bb6d
SHA256

aa8412e7ac008675a04fcd29f12f72468ea81f3719f8fade06a7ca645b9e2a49
SHA512

5482f7d607bfcf62dcb62a4a67259704d5cf9d267fc374e66f1138f8b4afa5f301ad75b323894ab19745929353c31c8b26a45c5ac2d876421186a5c3cb5df3db
SSDEEP

1536:Y86GiazHfwk4BEqjE7qzX25F6W+AJZWNIDLN6hDJRlDsQAyWQpOCx6HMweu:HzHfCEqjEoX2X6fAJjNOJTsQAVCy

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1060	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1060	AcroRd32.exe
1060	AcroRd32.exe
1060	AcroRd32.exe
1060	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 2020	1060	AcroRd32.exe	81
PID 1060 wrote to memory of 2020	1060	AcroRd32.exe	81
PID 1060 wrote to memory of 2020	1060	AcroRd32.exe	81
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 4908	2020	RdrCEF.exe	82
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83
PID 2020 wrote to memory of 3844	2020	RdrCEF.exe	83

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\254100ffe704afada9b3ef933177a709_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2343B8CC1C1C64F7C614B4D6DDBC7AE4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F952D0E8D02F0C5A9AE4E013B05DFD01 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F952D0E8D02F0C5A9AE4E013B05DFD01 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3844
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=715ADB62370EF4142D319A0EFD827BCA --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2148
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ABA0DCE11A27878CF0D5FC6F00BB9010 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2FA14B805D86CFFD514EAFC1B04F80B8 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9F46F603F44A8A591AB3332B80C1D8BB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9F46F603F44A8A591AB3332B80C1D8BB --renderer-client-id=7 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
88868f5bd835b7a3f7ef49e7f024f097

SHA1
71d8802c189edd5b414204f0c53e27098a2b9274

SHA256
e0ef3bcc00f80f54cc04353b1e1b739ee76fe3b29bd2376082c8e045feef288e

SHA512
9733c88fd7d3fc319e613581e1f2d108e7a6211cc96231f8ae8824c77e78de626133b2088d99cfa94c149b0e40bd4733742e8f8782d5c885834df97f3a734c70

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8f980b96e139f2b48068f66bec57f608

SHA1
dc7af678756d5403104552adddf9f3c4d604bead

SHA256
36de418a903cd67a4955b85361b04cd508bb10206d5e06339a49422e3fc2c355

SHA512
dc985e4e6f3b8a72e62385f6b78f79fe7cb2e56c942c3e8420cfb3598341971e4069a83107a8532db926295e4d67031a0c2b9f2ed19b1926f2511d661bd7144d

Download Submit