Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/05/2024, 16:33
Behavioral task: behavioral1
  Sample: 67e5e9ad8caab919d353108aec0aeeb6_JaffaCakes118.pdf
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 67e5e9ad8caab919d353108aec0aeeb6_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
Target: 67e5e9ad8caab919d353108aec0aeeb6_JaffaCakes118.pdf
Size: 25KB
MD5: 67e5e9ad8caab919d353108aec0aeeb6
SHA1: a086f31fcdf0fd6920ac05700cca68aaec53246b
SHA256: ed91ca71d758578968998ade6d5926352b092ca96e31366cdf4f9f4052b8b757
SHA512: bcabba237518898a36632fc59dc0087e0beeaf8c44f533f3dc5b5073f860af6c60cea0d786370a03e3844cfbc10ca3069c9cc7ce50832e00427f6d8bb347c900
SSDEEP: 384:T/QON8MUG6Qgw0JZCTzz02YFnarXp0NUm19RFY17/ZXsr8cNQSXJrYcOSCUS37SG:TXuMZmwgCLWarauO9TkTZX28cNZ9/6Z
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                      Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0         AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    AcroRd32.exe

Modifies Internet Explorer settings
  description  ioc                                                                                                                                     Process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  3560  AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  3560  AcroRd32.exe
  3560  AcroRd32.exe
  3560  AcroRd32.exe
  3560  AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries are repeats of three parent/child pairs; identical rows are collapsed below, with the number of repeats in the last column.
  description                       pid   Process       procid_target  repeats
  PID 3560 wrote to memory of 2672  3560  AcroRd32.exe  92             3
  PID 2672 wrote to memory of 1204  2672  RdrCEF.exe    95             41
  PID 2672 wrote to memory of 3428  2672  RdrCEF.exe    96             20
Processes (indentation shows the parent/child depth of the process tree)

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\67e5e9ad8caab919d353108aec0aeeb6_JaffaCakes118.pdf"
  PID: 3560
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 2672
    Signatures:
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F19B2936E2049D82609DC11FC6ADD168 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1204

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0EE931984EA45111ED7E856E9D84228E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0EE931984EA45111ED7E856E9D84228E --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
      PID: 3428

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=199B2E0CCAB296D169E8ABFBA16F51C8 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2968

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A4C08F2577A61EB07E2BB32269145FCE --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3680

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=776FB104FF7979821C5D18B285A96C16 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=776FB104FF7979821C5D18B285A96C16 --renderer-client-id=6 --mojo-platform-channel-handle=2396 --allow-no-sandbox-job /prefetch:1
      PID: 2964

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0BF210419930535CBFDC4275A302F542 --mojo-platform-channel-handle=2540 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1216

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4968
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: 12f36b8d51620297604cf0865ff3cb2c
SHA1: 33c017c7c6f1455c11e405595d99d8e92e1d5571
SHA256: c8244e1a5bd587257dcf35f7b2be27e848d3626bc7acdaf372841ecd36031be0
SHA512: 8ae1f29b722a50f45ec76a0ae4d4803d0ce61957dee4a53cff9c222b72842083572c2c9775dcabe3efbdd6143922cbcf1a0e10b497c83c55b42ef8946ae02bbf

Filesize: 64KB
MD5: 902131f6d1e76f9ec13e9b87d85f69e7
SHA1: 2fdf4aba728b8de6fb64a3168271c9408577b7d4
SHA256: bba9cd32ce3c2a49191e62de88007fb6ddd1e5930c3d97847f401646f82f0c97
SHA512: 9070cba2917f388df3fdedbc7200497146cb189e13361aaf77ebe5aced0c9e261eaf4963320c67cab9f12e522c1bc0ff398efb8a27760c61c5c152efd16f0f85