ce72d08fa4f5a99f9c3d713e31498515dd527a697d357aea545f73cdfc65ebcb

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

246ed75237e87f358b100624539a08b4_JaffaCakes118.pdf
Size

9KB
MD5

246ed75237e87f358b100624539a08b4
SHA1

9208c17548a70d018cb2c7356c9567a1f5486bda
SHA256

ce72d08fa4f5a99f9c3d713e31498515dd527a697d357aea545f73cdfc65ebcb
SHA512

6e55f303483e969410e787990c70e4aed8f5b4c5bbf0020f6a32a6eee20845c358c1d9df958c1128acefdbdfde2dc5ccdd009f71123604bcaa12067a1591cc36
SSDEEP

192:aPz4ULMxLIKXHszsFqRkAiNE2Zt3brY3j1JQHKt/WahfNk4PoGkzO8T+VWkCE:aPz4ULMxLIKXHsAFwCEgbczDQHC/9fdd

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe
4988	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4988 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4988 AcroRd32.exe
4988 AcroRd32.exe
4988 AcroRd32.exe
4988 AcroRd32.exe
4988 AcroRd32.exe
4988 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4988 wrote to memory of 2212	4988	AcroRd32.exe	RdrCEF.exe
PID 4988 wrote to memory of 2212	4988	AcroRd32.exe	RdrCEF.exe
PID 4988 wrote to memory of 2212	4988	AcroRd32.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 1484	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe
PID 2212 wrote to memory of 3588	2212	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\246ed75237e87f358b100624539a08b4_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4988

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67942A00AEC32500A25C79740953B7E3 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1484

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=831EB61F1E97D75D827453D6E4BA34BF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=831EB61F1E97D75D827453D6E4BA34BF --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3588

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CBE478F9DA84785840D2884D4E67577A --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3244

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D9AAFF3A1425CEBB85846A13F2B73221 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4744

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=83CDEF671094E088DD119235C33F552A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=83CDEF671094E088DD119235C33F552A --renderer-client-id=6 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4144

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B1C7CCF5BFA9F26BFB823293A429BA38 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
8a2a861c23a234fd57d591834baf687f

SHA1
f3871ddcee25b6b3980d9791a26bf2ae2e29023f

SHA256
9363c3d3a6e408e7ba81cc4d1cf9f2c8064082e76fe3fc0713775f6995535030

SHA512
160e55d45d1a02fa06e65af2fc9676321027c14f2deeecb519e44cadf01ffeab8cd7438345a7592e3163df681e9bbf1d1b4b47c4317d3390e300c58cc88b9a06

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
e038bd51c99f6751975a10fb58732e53

SHA1
face9cb7c024d0d9d5971d94fa703339c7eca382

SHA256
3707c9abae91202ed15864792602305f01d8928239fa984faf907fa93344c253

SHA512
db29928ec40804314a900441b6250e5830b94b7231175c2ba0a52b1cb6cfd6c479f975e13be086c2ebc7e6b4965ee4f77904cf994ac4cb24bfb5423266e2a123

Download Submit
memory/4988-33-0x000000000A1B0000-0x000000000A1D1000-memory.dmp

Filesize
132KB

Download