Analysis
max time kernel: 132s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 15:08
Behavioral tasks
- behavioral1
  Sample: 8127f1df4a23369a8da1ccb19f6d0390_JaffaCakes118.pdf
  Resource: win7-20240221-en
- behavioral2
  Sample: 8127f1df4a23369a8da1ccb19f6d0390_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
Target: 8127f1df4a23369a8da1ccb19f6d0390_JaffaCakes118.pdf
Size: 40KB
MD5: 8127f1df4a23369a8da1ccb19f6d0390
SHA1: 3ae6905ad5bd480f6f0bd4c98b1b8454107ea502
SHA256: daee5ec14eac9e98bd09c7eb109c3f0f59d7e839a705c4f4fa9d717580fc9f0a
SHA512: 782e415150b9a42a52f5f0dbe629226cfd8f9b617845ca0ee0568cfda9754be7726af287ce52f4c79861124f3dd8a00257fe8dd84df4315a1119c8fb18cc728f
SSDEEP: 768:+JiQGzPXour39Xbm7XZxydncUSl1ZrdKvACclTSnSECqPBgiV9p+WWiaTWogL69r:QJGzPXR3mNRRdqPG6haTWo796cYo
Malware Config
Signatures
-
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Both reads below come from AcroRd32.exe itself, the viewer that opened the sample, not from any process the PDF spawned; on its own this is a weak indicator, and it only becomes interesting if a payload process queries the same key.
description       | ioc                                                                      | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   | AcroRd32.exe
Modifies Internet Explorer settings (1 IoCs)
FEATURE_BROWSER_EMULATION is the per-application feature-control key an embedded WebBrowser control consults to pick its Internet Explorer document mode; creating it under the current user's hive is typical of applications that host that control.
description | ioc                                                                                                                                        | Process
Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid  | Process
2968 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid  | Process
2968 | AcroRd32.exe (4 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries collapse to three distinct writer/target pairs, each a parent writing into a child it has just created:
description                      | pid  | Process      | procid_target | entries
PID 2968 wrote to memory of 3916 | 2968 | AcroRd32.exe | 86            | 3
PID 3916 wrote to memory of 3052 | 3916 | RdrCEF.exe   | 87            | repeated
PID 3916 wrote to memory of 4160 | 3916 | RdrCEF.exe   | 88            | repeated
The 61 RdrCEF.exe entries are split between its two children 3052 (gpu-process) and 4160 (renderer). This pattern, Reader writing into the RdrCEF.exe browser process it launched and RdrCEF.exe writing into its own gpu-process and renderer children, is consistent with the normal child-process setup of a Chromium/CEF host; none of the writes target a process outside the Reader process tree.
Processes
- PID 2968: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8127f1df4a23369a8da1ccb19f6d0390_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - PID 3916: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - PID 3052: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6214366E775366828F0449B3709A8EED --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - PID 4160: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7C15C30242A3CF9DC9944B2955F20302 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7C15C30242A3CF9DC9944B2955F20302 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    - PID 1808: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F8CC124628A5B067A78BAA31F0991930 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - PID 3256: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A82F00ED8DA22F80B5BC16B557D973BA --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - PID 740: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C2DF76123A5E9FF20C98C85BDB8CDC9 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - PID 2292: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C9239B61EA33BCB572D853B210CE8F5F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C9239B61EA33BCB572D853B210CE8F5F --renderer-client-id=7 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:1
- PID 3276: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
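The WriteProcessMemory signature fires 64 times on this run, but read against the process tree it describes only three parent-to-child edges inside the Reader process tree. The script below is an added example, not part of the sandbox report and not the sandbox vendor's own tooling: it parses the flattened IoC rows in the format the report uses, collapses the repeats into distinct writer/target edges, and labels each edge from the parent/child relations in the tree. The PIDs and images are taken from the report; the command-line fragments in PROCESS_TREE are truncated copies of the tree above; INJECTED_ROW is a constructed row that the report does not contain, included only to show the non-benign verdict; and KNOWN_HOST_PAIRS is an analyst-maintained assumption.

```python
"""Triage WriteProcessMemory IoC rows of a sandbox report against its process tree.

Added example, not part of the original report and not the sandbox vendor's code.
"""
import re
from collections import Counter

# The report flattens each IoC row as:
#   "PID <writer> wrote to memory of <target> <writer> <writer image> <procid_target>"
WPM_ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# Rows copied from the signature table (the 64 entries are mostly repeats; a few suffice).
REPORT_ROWS = """
PID 2968 wrote to memory of 3916 2968 AcroRd32.exe 86
PID 2968 wrote to memory of 3916 2968 AcroRd32.exe 86
PID 2968 wrote to memory of 3916 2968 AcroRd32.exe 86
PID 3916 wrote to memory of 3052 3916 RdrCEF.exe 87
PID 3916 wrote to memory of 3052 3916 RdrCEF.exe 87
PID 3916 wrote to memory of 4160 3916 RdrCEF.exe 88
"""

# Constructed row that does NOT appear in the report: a write into CompPkgSrv.exe
# (PID 3276), which RdrCEF.exe never spawned. It only exercises the injection verdict.
INJECTED_ROW = "PID 3916 wrote to memory of 3276 3916 RdrCEF.exe 90\n"

# Process tree from the report: pid -> (parent pid, image, truncated command line).
PROCESS_TREE = {
    2968: (None, "AcroRd32.exe", '"AcroRd32.exe" "...\\8127f1df4a23369a8da1ccb19f6d0390_JaffaCakes118.pdf"'),
    3916: (2968, "RdrCEF.exe", '"RdrCEF.exe" --backgroundcolor=16514043'),
    3052: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=gpu-process --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2'),
    4160: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=renderer --renderer-client-id=2 --allow-no-sandbox-job /prefetch:1'),
    1808: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=gpu-process /prefetch:2'),
    3256: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=gpu-process /prefetch:2'),
    740: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=gpu-process /prefetch:2'),
    2292: (3916, "RdrCEF.exe", '"RdrCEF.exe" --type=renderer --renderer-client-id=7 /prefetch:1'),
    3276: (None, "CompPkgSrv.exe", "CompPkgSrv.exe -Embedding"),
}

# Assumption (not stated by the report): host applications known to launch an embedded
# Chromium/CEF browser process and set it up with cross-process writes.
KNOWN_HOST_PAIRS = {("AcroRd32.exe", "RdrCEF.exe")}


def collapse_edges(rows_text):
    """Count distinct (writer pid, writer image, target pid) edges in the IoC rows."""
    edges = Counter()
    for m in WPM_ROW_RE.finditer(rows_text):
        writer, target, _writer_again, image, _procid_target = m.groups()
        edges[(int(writer), image, int(target))] += 1
    return edges


def cef_process_type(cmdline):
    """Return the Chromium/CEF --type of a command line; the main process carries none.

    re.search takes the first --type=, so the decoy inside --ignored=" --type=renderer "
    on the gpu-process command lines does not change the answer.
    """
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else "browser"


def classify_edges(edges, tree):
    """Label each write edge using the parent/child relations from the process tree."""
    findings = []
    for (writer, image, target), count in sorted(edges.items()):
        parent, target_image, target_cmd = tree.get(target, (None, None, ""))
        if target_image is None:
            verdict = "target-not-in-tree"
        elif parent != writer:
            # Writing into a process you did not create is the classic injection shape.
            verdict = "unrelated-process-write"
        elif target_image == image and cef_process_type(target_cmd) != "browser":
            # Same image with --type=gpu-process/renderer: CEF bootstrapping its own child.
            verdict = "cef-child-bootstrap"
        elif (image, target_image) in KNOWN_HOST_PAIRS:
            verdict = "known-host-child"
        else:
            # A parent writing into a freshly spawned, different image is how process
            # hollowing looks too, so this stays a review item rather than benign.
            verdict = "parent-writes-into-child-review"
        findings.append({"writer": writer, "image": image, "target": target,
                         "target_image": target_image, "count": count, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in classify_edges(collapse_edges(REPORT_ROWS + INJECTED_ROW), PROCESS_TREE):
        print(f"{f['image']}({f['writer']}) -> {f['target_image']}({f['target']}) "
              f"x{f['count']}: {f['verdict']}")
```

Run on the report's own rows every edge comes back as either cef-child-bootstrap or known-host-child; only the constructed write into CompPkgSrv.exe is labelled unrelated-process-write. The review verdict for a parent writing into a child of a different image is deliberate: spawning a process suspended and writing into it is exactly how hollowing presents, so an allowlist of known host/child pairs, not the parent/child relation alone, is what separates the Reader case from that one.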
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 514269c79d92519570b2c3159ced6c55
  SHA1: 2de2517ab7f4f976dbde0b1c5fb80646cf6417ae
  SHA256: 02b349d676790c43dfa300cec39d477b426cc4148de87039b83e74e56fdf2929
  SHA512: 759a12e96ddfeba87a17192858aab572b3c98c15e4ece08e0259315ec54a826c8709325ee42090fb336fc2a8beb2d4242b6bd3e4004e91df1d1b44956f30bde8
- Filesize: 64KB
  MD5: 3aeecca401736e3271da34b68bb9f947
  SHA1: 468be745455af8501fd5831ee3220b59b1ad08cc
  SHA256: 859d13d1b25923fe8338e6269b48d8b1bfab08802908e848298fc3d41b014a8f
  SHA512: 0d522e007cd39883d11627c44b30f0846e2b2837d051a02e43dd7937098830c17cd06c97bb8f616f62ac645b8fda5945ff6b3d8f28513af96691bcee3b5e76f1