Analysis
max time kernel: 141s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-04-2024 00:19
Behavioral task behavioral1
Sample: f6e38d717d0bff2da9f46ece79ea531a_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: f6e38d717d0bff2da9f46ece79ea531a_JaffaCakes118.pdf
Resource: win10v2004-20240412-en
General
Target: f6e38d717d0bff2da9f46ece79ea531a_JaffaCakes118.pdf
Size: 42KB
MD5: f6e38d717d0bff2da9f46ece79ea531a
SHA1: 392468fb399daf2cefb24523c2e53f1e796d00ee
SHA256: 9c6bada099f22b87968fbd004f91b56a251576dae2bb00520414d61763935382
SHA512: 01a03d19421c6bd0d5064221fbd3feb874a41ccc86c0002d59968a77973e570b8cfa33fc6830063b6e1ea85b268f3d83c2f038e8f02e045d5983bdbd68e38435
SSDEEP: 768:UTU/MyS5l0SDSIdLI6qzK9bti3v9+yvJeSBa7y/vyIUf8Tihx6X/4YZbXmFJ7o4v:OU/hoeELhZevBBeSB5fpTihx6P4UzUEi
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
- Modifies Internet Explorer settings
  Key created: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
- Suspicious use of FindShellTrayWindow (1 IoC)
  PID 376 AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  PID 376 AcroRd32.exe (4 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Distinct writer/target pairs among the 64 repeated entries:
  PID 376 AcroRd32.exe wrote to memory of PID 3560 (procid_target 89)
  PID 3560 RdrCEF.exe wrote to memory of PID 3016 (procid_target 90)
  PID 3560 RdrCEF.exe wrote to memory of PID 3452 (procid_target 91)
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 376)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\f6e38d717d0bff2da9f46ece79ea531a_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3560)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3016, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CF45F877F12B8FA8900F62352E167536 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3452, renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E1CF1C95630D40E75E84A9B9CE8BF154 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E1CF1C95630D40E75E84A9B9CE8BF154 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5456, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E75AFC06E28BCA5E785D80A069E4E476 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5632, renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C99D39917E90C67D69E6B41684719D78 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C99D39917E90C67D69E6B41684719D78 --renderer-client-id=5 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5572, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F3CFD193A98F08A8598148CD9538E8F1 --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5240, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9D9E8610D9F88F64D9CCFB4CC53C7692 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 4080)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: e77aba394fd07785935dc1f7aecd74a4
  SHA1: 6e9f9c27e01dd964a23b0c7349c3394cbbd4c1f3
  SHA256: 2755f62e175dd4edb4698f5c1a79a1b0f7794c06000c606a8cfe477a8a276dc8
  SHA512: a497ef8dcaed72e5f96ac329a9b764082d43f25f2eaeedc36c024230f5d9a61ef442aeee7febf6807554fe870bcb3edbe949a73f8d72bdaedaf1c72291446f5f
- Filesize: 64KB
  MD5: 415b783db01072a2abbf78c9cb857ff4
  SHA1: 6245efd455230e1db5710789f8aec0d2eae19dc8
  SHA256: f065e3419b8ab463151d9724a8c846da15abe902021ae504a26cb753b0dc3fdc
  SHA512: 244e9882c12760c9b41aaa8f55cf8a397a3ea69c4a888ed29bb7323316049e7473380155773b98d3def3a4d1e1a4a7fb2c18079433280c6cc6ec4fb2559e9092