Analysis
max time kernel: 147s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-03-2024 09:23
Behavioral task: behavioral1
Sample: 1e653943f211b7476702d37433da0567_JaffaCakes118.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 1e653943f211b7476702d37433da0567_JaffaCakes118.pdf
Resource: win10v2004-20240226-en
General
Target: 1e653943f211b7476702d37433da0567_JaffaCakes118.pdf
Size: 93KB
MD5: 1e653943f211b7476702d37433da0567
SHA1: 9e84e4f9cbf99e2b8edb2274eabacd01f512f099
SHA256: 134d335df6e84b783e3bccda7043af070c4e8b4f0667596d0449a9c62451ff0b
SHA512: 9161dc9570a1fe7cfedfce6ae5986c3c5f3985bd2f50c0fa63d2df85e90988b9ebccc79fa968298f52846356689d622a2805bb9928ea13534387ef495bfdfbe3
SSDEEP: 1536:O9pGBSiaoWq3FJ0TXit9Vh5FF2Nr4+Ne85lXyy1HF7EpWApO67QxdWf2uITqSS/Y:4mS0L3H0jiJ/FUNXNN5V1l4Q67QxJuI3
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: AcroRd32.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: AcroRd32.exe)

Modifies Internet Explorer settings
Key created: \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (Process: AcroRd32.exe)

Suspicious use of FindShellTrayWindow (1 IoCs)
PID 4828: AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
PID 4828: AcroRd32.exe
PID 4828: AcroRd32.exe
PID 4828: AcroRd32.exe
PID 4828: AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4828)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1e653943f211b7476702d37433da0567_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3516)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4508)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2AA4FF6AA013C5E8120DAA6A5456C3DB --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1828)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EE3F32BA2BC27B23F56F999517E4A6A4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EE3F32BA2BC27B23F56F999517E4A6A4 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1244)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=30807194E37352E75D9A27134C330C91 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3580)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3015046FF35EFE37995A6BE22B781087 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3015046FF35EFE37995A6BE22B781087 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3596)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A8569BCE980E9932320B0085DDB3EAC5 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2984)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F8EA90EB94150CCB75D822BFA49093A --mojo-platform-channel-handle=2224 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1988)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: 9e8e917f105e9796b3251b4c993fdf24
SHA1: c2cb697181b259286f4cda0c515da7e9cddd654e
SHA256: 12ba39ba913b34bb1292d8aa0af915c1793cc489ab60089ad1b0ebf711da0adb
SHA512: bd1a06302e91cf73927ceb846b6ce5f2c7a684de4b25d63067c2ecdc5313948a1d135591d52a75c26a7931fabfc2c03c1ed77b545832a9f1174f7224545b4979

Filesize: 64KB
MD5: 18ee639c318f79909e72485c47bd86d4
SHA1: 7e61859733b0043c4f11b93589fcbc91e0ce5b11
SHA256: 6e03298597cbd1109d162daec24d60b6a76997c15b46d445880852a76f15323e
SHA512: 91fc1b05e1d0003552d03425f66a94e1b4a5f8088e013d4d677aa81096d392cd744916d675891fb406d68dd834c511a7e911f9e1d501d6867c60860fa3b1245a