Analysis

max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/05/2024, 15:28
Behavioral task behavioral1
Sample: 8132e5ed8eb20f253e8dbed15335e635_JaffaCakes118.pdf
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: 8132e5ed8eb20f253e8dbed15335e635_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General

Target: 8132e5ed8eb20f253e8dbed15335e635_JaffaCakes118.pdf
Size: 68KB
MD5: 8132e5ed8eb20f253e8dbed15335e635
SHA1: af2c1dd458b3189c082b4926c56b571def837d63
SHA256: ca1533c77456541ea6e2434229523eb1fec469c75654fdd5c54d6aa0d30c3d00
SHA512: efe357ef274b5a7ecdb3e0f2ffef3ad75749816b20dfc845867f408305d673f4881943c1d5aa94a0c8d1d2e7ea6fd8b2da5c724b933e1e07bb055326956c1985
SSDEEP: 1536:dGFVePfngRsQxs+aJUnaTyFRELfFfYWf8Ob9j49:gFVeHgRsQxs+XaTIRELfFfYWkObU
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. In this run the reads come from AcroRd32.exe itself rather than from a process spawned by the document, and the ~MHz value is queried by many legitimate applications, so on its own this is a weak indicator.

  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe

Modifies Internet Explorer settings
FEATURE_BROWSER_EMULATION is the Internet Explorer feature-control key that pins the document mode used by embedded WebBrowser controls; applications that host such a control create it for themselves, and here the writer is AcroRd32.exe.

  description  ioc                                                                                                                              Process
  Key created  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe

Suspicious use of FindShellTrayWindow (1 IoC)

  pid   Process
  3224  AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)

  pid   Process       entries
  3224  AcroRd32.exe  4

Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries collapse to three writer/target pairs. In every case the writer is the parent of the target it writes into (compare the process tree below: AcroRd32.exe 3224 spawns RdrCEF.exe 5072, which spawns the RdrCEF.exe gpu-process and renderer children 2436 and 2364). A parent writing into a child it has just created is how process creation and Chromium/CEF child startup work, so this is not by itself evidence of injection; the signal to look for would be a write into a process that is not a child of the writer. The procid_target column (90, 92, 93) is the sandbox's internal process index, not a Windows PID; the PIDs are the ones named in the description.

  description                       pid   Process       procid_target  entries
  PID 3224 wrote to memory of 5072  3224  AcroRd32.exe  90             3
  PID 5072 wrote to memory of 2436  5072  RdrCEF.exe    92             41
  PID 5072 wrote to memory of 2364  5072  RdrCEF.exe    93             20
Processes

[1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3224)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8132e5ed8eb20f253e8dbed15335e635_JaffaCakes118.pdf"
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5072)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        - Suspicious use of WriteProcessMemory

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2436)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=909DBA9A4F52D1ACED3ADAEDD65400A1 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2364)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7BBF5F241BDCF62870AB0A47DAA5AE07 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7BBF5F241BDCF62870AB0A47DAA5AE07 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3456)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B4FFF6BCF2572C45DDBA21D944D94C36 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3256)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5236D57B8314F4AE6B51300CC1D9163F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5236D57B8314F4AE6B51300CC1D9163F --renderer-client-id=5 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job /prefetch:1

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4236)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9E92F28CCE66FFE5F9D213E39A733F4 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4004)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3B0C25BE37DD81C8D26E2B823E7EEB4E --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

[1] C:\Windows\System32\CompPkgSrv.exe (PID 4920)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
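The WriteProcessMemory signature and the process tree together answer the question a triager actually cares about: did any process write into a process it did not itself create? The script below is an added example, not part of the Triage report and not Adobe's code. It parses rows in the sandbox's own "PID X wrote to memory of Y" wording, collapses the repeats, and checks each writer/target pair against the reported parent/child relationships. The process tree and the IoC rows are transcribed from this page (a subset of the 64 rows, since the rest are repeats of the same three pairs); the final row naming PID 9999 is constructed and does not appear on the page, to show what a flagged cross-process write looks like.

```python
"""Collapse Triage-style WriteProcessMemory IoC rows and check each write
against the reported process tree.

Added example for this report; the tree and the sample rows are transcribed
from the page, the PID 9999 row is synthetic.
"""

import re
from collections import Counter

# Process tree as reported on the page: pid -> (image, parent pid).
# Top-level processes have parent None.
PROCESS_TREE = {
    3224: ("AcroRd32.exe", None),
    5072: ("RdrCEF.exe", 3224),
    2436: ("RdrCEF.exe", 5072),
    2364: ("RdrCEF.exe", 5072),
    3456: ("RdrCEF.exe", 5072),
    3256: ("RdrCEF.exe", 5072),
    4236: ("RdrCEF.exe", 5072),
    4004: ("RdrCEF.exe", 5072),
    4920: ("CompPkgSrv.exe", None),
}

# Constructed sample: a subset of the page's 64 rows, in the sandbox's format
# "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
# procid_target is the sandbox's internal process index, not a Windows PID.
WPM_ROWS = """\
PID 3224 wrote to memory of 5072 3224 AcroRd32.exe 90
PID 3224 wrote to memory of 5072 3224 AcroRd32.exe 90
PID 3224 wrote to memory of 5072 3224 AcroRd32.exe 90
PID 5072 wrote to memory of 2436 5072 RdrCEF.exe 92
PID 5072 wrote to memory of 2436 5072 RdrCEF.exe 92
PID 5072 wrote to memory of 2436 5072 RdrCEF.exe 92
PID 5072 wrote to memory of 2364 5072 RdrCEF.exe 93
PID 5072 wrote to memory of 2364 5072 RdrCEF.exe 93
"""

# Synthetic row, NOT from the page: RdrCEF.exe writing into a PID that is not
# one of its children (hypothetical PID 9999, hypothetical index 99).
SYNTHETIC_INJECTION_ROW = "PID 5072 wrote to memory of 9999 5072 RdrCEF.exe 99\n"

ROW_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<image>\S+) (?P<procid_target>\d+)"
)


def parse_rows(text):
    """Yield (writer_pid, target_pid, image) per row; malformed lines are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            yield int(m["writer"]), int(m["target"]), m["image"]


def collapse(text):
    """Collapse repeated rows into {(writer, target, image): count}."""
    return Counter(parse_rows(text))


def is_child(tree, parent, pid):
    """True when the tree lists `parent` as the direct parent of `pid`."""
    return pid in tree and tree[pid][1] == parent


def triage(text, tree=PROCESS_TREE):
    """Classify each distinct writer -> target pair.

    Returns {(writer, target): (image, entries, verdict)}.  A parent writing
    into its own freshly created child is what CreateProcess and CEF child
    startup look like; anything else is the pattern worth a closer look.
    """
    verdicts = {}
    for (writer, target, image), n in collapse(text).items():
        if is_child(tree, writer, target):
            verdict = "parent->child (consistent with process creation)"
        elif target in tree:
            verdict = "cross-process write (target is not a child of writer)"
        else:
            verdict = "cross-process write (target not in reported tree)"
        verdicts[(writer, target)] = (image, n, verdict)
    return verdicts


def suspicious(text, tree=PROCESS_TREE):
    """Sorted (writer, target) pairs whose verdict is not parent->child."""
    return sorted(
        pair for pair, (_, _, verdict) in triage(text, tree).items()
        if not verdict.startswith("parent->child")
    )


if __name__ == "__main__":
    for (w, t), (img, n, v) in triage(WPM_ROWS + SYNTHETIC_INJECTION_ROW).items():
        print(f"{img} {w} -> {t}: {n} entries: {v}")
    print("flagged:", suspicious(WPM_ROWS + SYNTHETIC_INJECTION_ROW))
```

Run as a script it prints one line per pair. With only the rows from this page every pair is parent->child, which is the basis for reading the 64 WriteProcessMemory entries as CEF child-process startup rather than injection; the synthetic PID 9999 row is the only one flagged.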
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
Filesize: 64KB
MD5: aa05d364b1b936e2389dd2a54fd0b79c
SHA1: 9529eeafab837cf1008cc99340938f85c33de8dc
SHA256: 04a63c74e26b86ac31b69237ff6973a9b584384b47a5fe1ec90c74ba943e03df
SHA512: 6db699e9cc23c254ff12a81e5cca21c8817115027dc584ca97002365b1af7e9831d43af620338f59e4b9eb399d96901e86dde1ac0a41f34601ee6e7ad6b1deec

File 2
Filesize: 64KB
MD5: c306f36588b39ba001c4d4dfdc2fdafc
SHA1: 0cbdc6760cde8dbb9801aa74907f5c5d147bc899
SHA256: 7d2e92dd85116a5b145a90931e19e6801a180ccc2c99fff2ae840fec6558ab71
SHA512: cde711a8225bedfd6d2699fa8e998cdb0b64d5fe24265b05e497584e7e860511a0610c437cbdb847bb6f110437a439f13f9c84c9ae68aae7bf178f142a2c22f4