Analysis
max time kernel: 142s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/04/2024, 10:34

Behavioral tasks
behavioral1: sample e25781fb6c95f4d2b6b7dc3d111b6196_JaffaCakes118.pdf, resource win7-20240221-en
behavioral2: sample e25781fb6c95f4d2b6b7dc3d111b6196_JaffaCakes118.pdf, resource win10v2004-20240226-en
General
Target: e25781fb6c95f4d2b6b7dc3d111b6196_JaffaCakes118.pdf
Size: 85KB
MD5: e25781fb6c95f4d2b6b7dc3d111b6196
SHA1: 6071ca558bba747f5f002c58dbf9a12cf3e1d5c9
SHA256: c853731fedc3a8bd8a21742a402234fdcd196068f17660348cade77c862c97bc
SHA512: 2ada47a129436a3ef7dfd20ec24694d3d091a4577f2095f14348e7657382a16b8f665158dd6cd1cad9d0dbd99dbc782f572a4fb896282a6882bcb14b2f56e86e
SSDEEP: 1536:lcdJo+pnUiIPsSLkmoPKa1/ZmXMPtEOfCqHYMapvAPhnWapOn6W9JhMjXIUnM:M6+pnnIP1kmSrXPtEOfCJMaC5wnwjXIX
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AcroRd32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: AcroRd32.exe)

Modifies Internet Explorer settings
- Key created: \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (process: AcroRd32.exe)

Suspicious use of FindShellTrayWindow (1 IoC)
- PID 532, AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
- PID 532, AcroRd32.exe (all four IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 532)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\e25781fb6c95f4d2b6b7dc3d111b6196_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3180)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4000)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E7AEEAC8312D20F573794081B47C6607 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2284)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8DA1FBD644867C61C960924DD10C0CB0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8DA1FBD644867C61C960924DD10C0CB0 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4620)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C0BA18901ABEF2BC6C256BAD04E059D5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C0BA18901ABEF2BC6C256BAD04E059D5 --renderer-client-id=4 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4760)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DBB24F63AE3532DD479FFB3FC9AC57D --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 876)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CCEFBE82C26A4C7C2A1AD3770061A1D9 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2564)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C56060660528B3F513ABAFCC5999449 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

- C:\Windows\System32\CompPkgSrv.exe (PID 2576)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding