Analysis

Max time kernel: 133s
Max time network: 135s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 29-05-2024 03:57
Behavioral tasks

- behavioral1
  Sample: 7f6c5b9e18af4627da7fd25b1df96736_JaffaCakes118.pdf
  Resource: win7-20240221-en
- behavioral2
  Sample: 7f6c5b9e18af4627da7fd25b1df96736_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: 7f6c5b9e18af4627da7fd25b1df96736_JaffaCakes118.pdf
Size: 147KB
MD5: 7f6c5b9e18af4627da7fd25b1df96736
SHA1: db6e2af4e9e18e2354007221f88570db4ef53eeb
SHA256: 552463611453bc1960bb2c811e906bea542e8b141e566c2da01c2db5b3ea3178
SHA512: effc7ed1059cf859dba4790ba0bb9ccdd71d5701ff7725e0808766648ac45c7de1b3129cf5dfc1080e477a3e21a2db801e3832935cb55a4467b2d7939c85572e
SSDEEP: 3072:oF5pkXdZYIXkH2ozA9bzpPJ00WfjLszelCcyGdHwNEZ:grkXPYIUHobzpPJ7yMzqT9dAs
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                  Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe

- Modifies Internet Explorer settings
  description  ioc                                                                                                                                        Process
  Key created  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe

- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid   Process
  3248  AcroRd32.exe

- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  3248  AcroRd32.exe (4 hits)

- Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 logged events consist of the following three parent/child pairs, each repeated many times; duplicate rows are listed once.
  description                        pid   Process       procid_target
  PID 3248 wrote to memory of 2920   3248  AcroRd32.exe  90
  PID 2920 wrote to memory of 1100   2920  RdrCEF.exe    93
  PID 2920 wrote to memory of 2204   2920  RdrCEF.exe    94
Processes

- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3248, level 1)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7f6c5b9e18af4627da7fd25b1df96736_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2920, level 2)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1100, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CDC73DB61616026E99987D16143F89C6 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2204, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F737CAFF2EE9D14EC7FADDA0F4DCDE33 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F737CAFF2EE9D14EC7FADDA0F4DCDE33 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4016, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A1EE0189E548F18C02577EDDCF717A4 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2360, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=54E0BF49DBE918A2D8C7E201CE2EEAAA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=54E0BF49DBE918A2D8C7E201CE2EEAAA --renderer-client-id=5 --mojo-platform-channel-handle=2360 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2056, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B7AEB82EE7EAA0563945879DF91C527 --mojo-platform-channel-handle=1912 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2100, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=886DD352C2FA759B781A4DFE46A9A22F --mojo-platform-channel-handle=2808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

- C:\Windows\System32\CompPkgSrv.exe (PID 3856, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 64KB
  MD5: aa495760a8750258744b3daa8b671ff7
  SHA1: 056de2d634f63d709e4232b3fbb325b72cbeab52
  SHA256: 9874a81cd0bee2ed71b4a7790ccf12931b3476aed4481dbb78fde1d954ba0825
  SHA512: 5e53565f57d59590d26b80fa6efa41dd4648a7b499126f9934052df19c69a5f07654df5b702b07a9e581ae15971a6368bb7439b6c181743675b45b0d67895f1f

- Filesize: 64KB
  MD5: 58c351dfb9fc8c3e23b1a3a678f32d6a
  SHA1: 63cf3928c58a9d29ff14d2c3a463f890b9ad5b94
  SHA256: 3bc98eb5fe02be693f7b39f7fd235397ea19b3cdbfce479b33e79fb59105894f
  SHA512: aa79bad375239f25f37877866be5ad304291507623dba950f795e91d04a85ec76958ab7a8db28dd31ac304f4fc78e1dccbfa4445018df0b80c8127db79646113