Analysis
  max time kernel: 130s
  max time network: 129s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  submitted: 23-05-2024 01:38
Behavioral task: behavioral1
  Sample: 6951b7bf71b5c21f8ab5cb6b0daace5d_JaffaCakes118.pdf
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 6951b7bf71b5c21f8ab5cb6b0daace5d_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
  Target: 6951b7bf71b5c21f8ab5cb6b0daace5d_JaffaCakes118.pdf
  Size: 40KB
  MD5: 6951b7bf71b5c21f8ab5cb6b0daace5d
  SHA1: 648ee32e08bd972e3593412dbb26f903a0f8e8d9
  SHA256: 2c28cde5b7cf78d55a776803d4b36b05e582c5be3fd1d0643f336bfc283f0d17
  SHA512: 2cc109b0d9e453fa054a2fa2c8fe7a4d5610ac54080f15ca87e92c9eadda6a3631d451d7ed6772962ebd6b3a93a4df374e649fcca8e7862e90a3b44d58a58f86
  SSDEEP: 768:MgGzpDVpZFV5TTGfZY+h8ebFTpMy5UbDlSkxaJots8YoTuyD7Al7bvaU/eTXMVlS:JGFxpDV5vG3pMy54lfjt5qyHWb8gVl01
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
  description         ioc                                                                    process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
Modifies Internet Explorer settings 1 IoCs
Processes:
  description   ioc                                                                                                                                          process
  Key created   \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
  pid    process
  1912   AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
  pid    process
  1912   AcroRd32.exe
  1912   AcroRd32.exe
  1912   AcroRd32.exe
  1912   AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes (64 entries in total, made up of repetitions of the following three distinct rows):
  description                          pid    process        target process
  PID 1912 wrote to memory of 3076     1912   AcroRd32.exe   RdrCEF.exe
  PID 3076 wrote to memory of 4932     3076   RdrCEF.exe     RdrCEF.exe
  PID 3076 wrote to memory of 1900     3076   RdrCEF.exe     RdrCEF.exe
Processes (indentation shows the parent/child relationship)

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6951b7bf71b5c21f8ab5cb6b0daace5d_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46191777CAE778F9AAEA8F265404FCF3 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=03A44F698975205BF0299CCE236F0216 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=03A44F698975205BF0299CCE236F0216 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C571941FF733FDD6529B6EB067E54BF --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7A475ACC66F04D3EECFABD04439DA0C6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7A475ACC66F04D3EECFABD04439DA0C6 --renderer-client-id=5 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=15F655C23DE25EF1CB6145068A61C220 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BA0F3DA572B34D62D715A206742813D --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 320b758356580f07ee9fe7a839dcef8a
  SHA1: e47383bf028589735797c6e89f617cc4c61d17c1
  SHA256: 9f96ea4176d498608f0b6a66a91c24342507e3bdd9593cc635cffa70fc23b191
  SHA512: a5a1bae264028ecf5d9fe2e229324b9807405af57281245d22084481822e5c5e9108aa7d367311c5d4a16c633f6ad530cd1ffb8665676fcd9efd51669ce20b74

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 9297109538d08ff5a8b5e3c5186cc05e
  SHA1: f6d4c2b60bd0ff237f85ce5c8e02bf26feb53d5f
  SHA256: 93e66448fc424988c85e0bdf09bf0b9224b15151def62b09b1275601c3e99b19
  SHA512: 01eab31863ba20441fec8ccd270d6f76bf9361683d5d07431dc642239b00c450dac8f7aee564ebfb8205b4367a41b497cc9893d5600badbe6fef32004483ea08