Analysis
max time kernel: 147s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-04-2024 16:27
Behavioral task: behavioral1
Sample: ffb36418f34733fceb9f98b15821dcb7_JaffaCakes118.pdf
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: ffb36418f34733fceb9f98b15821dcb7_JaffaCakes118.pdf
Resource: win10v2004-20240412-en
General
Target: ffb36418f34733fceb9f98b15821dcb7_JaffaCakes118.pdf
Size: 33KB
MD5: ffb36418f34733fceb9f98b15821dcb7
SHA1: 75b864c966f9e0475d218c6658f2a5821541abca
SHA256: 365247801986ad4d6e6910ab0153d5c4c0ae9df55752f721a42dc01c8f6176a8
SHA512: 6f3f2e5bc5550d6711eadd4bb416fad046bab484d9838d918fcf740ca2daa18b6e7aade14f96cb33527f3d02c2e23bd1e5a6f47c19d24aa4aa916e6f6a4aa676
SSDEEP: 768:FylJL0W4iJQHDYGp7J/yTRmndwNE76UOP/iXg:KL0W9QsI7lYmnd1DXg
Malware Config
(none extracted)
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Here the reading process is AcroRd32.exe itself rather than code unpacked from the document, so on its own this is weak evidence of evasion by the PDF; the reader reads CPU details during normal start-up.
Processes:
  AcroRd32.exe
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
Modifies Internet Explorer settings (1 IoCs)
Processes:
  AcroRd32.exe
    Key created: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
  AcroRd32.exe (pid 4784)
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  AcroRd32.exe (pid 4784), 4 entries
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
All 64 entries are repeats of three (source, target) pairs:
  PID 4784 wrote to memory of 4996: AcroRd32.exe -> RdrCEF.exe (3 entries)
  PID 4996 wrote to memory of 2768: RdrCEF.exe -> RdrCEF.exe (repeated)
  PID 4996 wrote to memory of 3820: RdrCEF.exe -> RdrCEF.exe (repeated)
Every target is a child the source process spawned (the CEF broker and its gpu-process / renderer workers), which is the pattern of process start-up writes rather than of injection into an unrelated process.
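The WriteProcessMemory signature fires on every cross-process write, so the useful triage step is to separate writes into a process the writer itself spawned from writes into an unrelated process. The script below is an added example, not part of the sandbox report or of any sandbox vendor's code: it rebuilds the parent map from the report's process-tree depth markers and labels each (source, target) pair. The PIDs of the depth-3 RdrCEF.exe workers (2768, 3820) are assumed from the IoC rows, since the tree prints command lines rather than PIDs, and the final row targeting explorer.exe (PID 1234) is hypothetical, included only to show how a real injection would be labelled.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows from a sandbox report.

Sandboxes log every WriteProcessMemory call. A parent writing into a child it
has just spawned (CreateProcess start-up data, Chromium/CEF handle passing) is
routine; a write into a process the writer did not spawn is what injection
looks like. This rebuilds the parent->child map from the report's process
tree depth markers and labels each (source, target) pair accordingly.
"""
import re
from collections import Counter

# Constructed from the report's process tree: (depth, pid, image).
# The PIDs of the depth-3 RdrCEF.exe workers (2768, 3820) are assumed from the
# IoC rows; the tree itself prints command lines, not PIDs.
PROCESS_TREE = [
    (1, 4784, "AcroRd32.exe"),
    (2, 4996, "RdrCEF.exe"),
    (3, 2768, "RdrCEF.exe"),
    (3, 3820, "RdrCEF.exe"),
]

# Constructed IoC text in the report's flattened row format. The first four
# rows cover the three distinct pairs the report contains; the last row is a
# hypothetical write into an unrelated explorer.exe (PID 1234), added only to
# show how a real injection would be labelled.
IOC_TEXT = (
    "PID 4784 wrote to memory of 4996 4784 AcroRd32.exe RdrCEF.exe "
    "PID 4996 wrote to memory of 2768 4996 RdrCEF.exe RdrCEF.exe "
    "PID 4996 wrote to memory of 2768 4996 RdrCEF.exe RdrCEF.exe "
    "PID 4996 wrote to memory of 3820 4996 RdrCEF.exe RdrCEF.exe "
    "PID 4784 wrote to memory of 1234 4784 AcroRd32.exe explorer.exe"
)

# Row shape: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")


def parse_iocs(text):
    """Split the flattened row text into (src_pid, dst_pid, src_image, dst_image)."""
    return [(int(s), int(d), si, di) for s, d, si, di in IOC_RE.findall(text)]


def parent_map(tree):
    """Derive pid -> parent pid from the tree's depth numbers."""
    parents = {}
    stack = []  # stack[i] is the pid currently open at depth i+1
    for depth, pid, _image in tree:
        del stack[depth - 1:]  # close deeper levels and any sibling at this depth
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def classify(iocs, parents):
    """Label each (src, dst) pair 'child-write' or 'injection', with its row count."""
    counts = Counter((s, d) for s, d, _, _ in iocs)
    return {
        (s, d): ("child-write" if parents.get(d) == s else "injection", n)
        for (s, d), n in counts.items()
    }


def triage(text=IOC_TEXT, tree=PROCESS_TREE):
    """Run the full pipeline on the constructed sample data."""
    return classify(parse_iocs(text), parent_map(tree))


if __name__ == "__main__":
    for (src, dst), (label, n) in triage().items():
        print(f"{src} -> {dst}: {label} ({n} rows)")
```

With the report's own rows every pair comes out as child-write; only the hypothetical explorer.exe row is labelled injection. The same parent-map logic applies to Chromium-style broker/worker trees generally, where the broker writes into each worker it launches.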
Processes
[1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ffb36418f34733fceb9f98b15821dcb7_JaffaCakes118.pdf"
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        - Suspicious use of WriteProcessMemory
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E3D111D0DE751BE65701DD6DF778F85 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E3311B3458270C90CAB0ED0AC06E3EAA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E3311B3458270C90CAB0ED0AC06E3EAA --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8D3FDE793F0FA710B9F1E7607971228D --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2E2896A505430916E5BEACE8E5CAFF80 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4EB4194AAC61DEF6721BDF89326CE0F2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4EB4194AAC61DEF6721BDF89326CE0F2 --renderer-client-id=6 --mojo-platform-channel-handle=1988 --allow-no-sandbox-job /prefetch:1
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F71CF98FC9ADF18AF31B65EB5A9EB169 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: ae21b3ed17002dbb2d236ea3baffc26f
  SHA1: 375a6b6b4380fbf61f4ecc781854c5585dc392b9
  SHA256: a4b988b82c8f3d8da2b97c09e1c08972b7827326441a6c2c9843dcbeb86dbec4
  SHA512: ba6a15dbd383b96bb4944dd3bf69b2b136894bd60726a1a3ce835e54db8a4cc9241b668fd77b496fc8714b0e18e0e74f274540182822ef7e14e4c9710a69a67c
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 66b7105277c6abdd015b6828d4d11db6
  SHA1: ae92e307144ed171930459880b80960b4657c094
  SHA256: a1a090312ab5b15c15b351fe30608a40688eebe05d93f716f40c3ac7445b9818
  SHA512: caceb3fd65ca008ab644d55df9a4632ccc2ae9414ab9190219eb79785e8722620b1613ed475d4e6c22d019836ad489625ef2a0cdea3e6f627a21a585abda4c79
memory/4784-31-0x000000000A360000-0x000000000A381000-memory.dmp
  Filesize: 132KB