Analysis
max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 15:28
Behavioral task: behavioral1
Sample: 8132454526b60db1d9888385876c776f_JaffaCakes118.pdf
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 8132454526b60db1d9888385876c776f_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 8132454526b60db1d9888385876c776f_JaffaCakes118.pdf
Size: 40KB
MD5: 8132454526b60db1d9888385876c776f
SHA1: bf2aa76066b628df7b0687ba63b71bb6116be4c9
SHA256: a0ced2ac36301e5c93c03ec153d5c5e4024d97b6d66fc8f5c01e0aa8e595448b
SHA512: 29e50ac3cc3f8daca2d08177e8d2ba4652802565be19e303b5bac3a3b9407639fd0d6ef2cdefa99a71b4a132b7b31ed0119da5a54d35274a3014db17b7e74ea7
SSDEEP: 768:8gGzpDA7k5QDeofaw3Ky3cdkbLDKgvqmc6zCaxPCDDDCHTMHQye2:ZGFMfNb/jSBDnCHYwye2
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description       | ioc                                                                    | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  | AcroRd32.exe
- Modifies Internet Explorer settings
  description | ioc                                                                                                                                          | Process
  Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid  | Process
  1360 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid  | Process
  1360 | AcroRd32.exe (6 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      | pid  | Process      | procid_target
  PID 1360 wrote to memory of 468  | 1360 | AcroRd32.exe | 90
  PID 468 wrote to memory of 4556  | 468  | RdrCEF.exe   | 91
  PID 468 wrote to memory of 4328  | 468  | RdrCEF.exe   | 92
  (identical rows repeated in the original report are collapsed above; the signature lists 64 entries in total)
Processes
- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8132454526b60db1d9888385876c776f_JaffaCakes118.pdf"
  PID: 1360
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 468
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEFA706FB0EADE16BC28F9C7D14F4A0E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4556
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7C32FD56CDF8A7B82528473AAFB173D1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7C32FD56CDF8A7B82528473AAFB173D1 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
      PID: 4328
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=776E4AF00921DAE692DF2B6A122B2247 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4004
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=72BF576FB6BAC0718854159DB0B321E6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=72BF576FB6BAC0718854159DB0B321E6 --renderer-client-id=5 --mojo-platform-channel-handle=1904 --allow-no-sandbox-job /prefetch:1
      PID: 3968
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1F8CD9D8449FA920F4679EACF9692F19 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3944
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=84B301ED211B2FA45A6CCE1C7A9DA1BD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=84B301ED211B2FA45A6CCE1C7A9DA1BD --renderer-client-id=7 --mojo-platform-channel-handle=2776 --allow-no-sandbox-job /prefetch:1
      PID: 1532
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE233C5144F8B085EBE39164559B26E5 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2640
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3592
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 0c89893f3537a3a00c3976575f83b02f
  SHA1: dd8b370d2b6f9a005ef2d11eff594157c88408c0
  SHA256: 289a19a25fdcc9763880f75042fed9bec8dc53c89ea8ce9d39f85b11bdc64226
  SHA512: e4c2cf092395caafecd219c2b7709ae11eddf958c97017d171f42618d251915696b4b7c254a25d2061f8ad74794ee605688e7ab7de53ef6deb89085f572a0ae2
- Filesize: 64KB
  MD5: 2c339d3a070722f1107e4bce2d5b4d81
  SHA1: 75f657b1f6c2e77ee4b03685578544de82c1eca7
  SHA256: 6f51da63be7ffb4500f047e2d1f4570f0253c6dbb5c09407664df0ea6fbb008b
  SHA512: 57f3e229e956c5aad8e2fa5a2b3b5e10bcab72bfc4d74bee7912ed5c5cda40d70ef1d40d942b5f3ce45c2c8b3e504b37c320f35447e93c5e9e2d3cb9dc5d15ec