Analysis
- max time kernel: 133s
- max time network: 135s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/05/2024, 14:15
Behavioral task behavioral1
- Sample: 846f6e11f2406715467168008f3f2e37_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: 846f6e11f2406715467168008f3f2e37_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 846f6e11f2406715467168008f3f2e37_JaffaCakes118.pdf
- Size: 14KB
- MD5: 846f6e11f2406715467168008f3f2e37
- SHA1: b445ff053d1a6fd5af5a664c923acd663ba5adb3
- SHA256: 5860f4d7b35974a9845c7c0dbf6f97c5d5fb026928709fedfc2955b245f922cd
- SHA512: 1bbbef28284d1b9fd890f48027048fd2426c0ab29505cf0656cf205d2a0220fde7570fe9cdae7876d47440445fbb48510e8c76f1c6f982840a2ac59895139c54
- SSDEEP: 384:VzLP9Pz1YDAhl8A88ObBitQkHI2YhRG1n9EEqQrTw/G53dnPhAMM/FWPR6fvVWEw:VzTxz1YDAz8AXOlEQko/hw19EtQ3wO5D
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: AcroRd32.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AcroRd32.exe)
- Modifies Internet Explorer settings
  - Key created: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (process: AcroRd32.exe)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  - PID 2648, AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  - PID 2648, AcroRd32.exe (reported four times)
- Suspicious use of WriteProcessMemory (64 IoCs; the report repeats each of the following three entries)
  - PID 2648 wrote to memory of 1572 (process: AcroRd32.exe, procid_target: 92)
  - PID 1572 wrote to memory of 884 (process: RdrCEF.exe, procid_target: 93)
  - PID 1572 wrote to memory of 5012 (process: RdrCEF.exe, procid_target: 94)
Processes
- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\846f6e11f2406715467168008f3f2e37_JaffaCakes118.pdf" (PID 2648)
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 (PID 1572)
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A227CAE9861B197E11BAB74ED3CC319 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 884)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=42A1DB09A2F330223AA8920C8CE33154 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=42A1DB09A2F330223AA8920C8CE33154 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1 (PID 5012)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3111A57637EA92D6B87CFE249AA6070E --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 1712)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BD18A6FBB304E652E01ECEA5E57DD2D4 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 3308)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0290B689AAD2D6E73E6CDBB1187B2261 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0290B689AAD2D6E73E6CDBB1187B2261 --renderer-client-id=6 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1 (PID 1988)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0E247B2E94C3CEA61EAB916AAF61245 --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 3052)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 4172)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 3295e7415795817d5c3c9cc400629590
  SHA1: 8e15e6be6c2e51565cb30f59f480483d50f09229
  SHA256: 9f7ab3d9c8fdc460722df1a253e4232af539bd08424c6656d4cd87346e9dcc81
  SHA512: 12e0c310bb03c907e9f3b0b2274acfa8db69207c5481a4857d2f6932fbb140bb413342565a058d85763161bb5967719c6d269bf991e24d4ea7362aae90dfb9cd
- Filesize: 64KB
  MD5: de665e2e51d86d774927f06994a7774e
  SHA1: 4efc9fdea8e0d3b4a7c0f115342da1cdbf46157b
  SHA256: 7cb3d45a686b14d705dc7a1e811c3b727d907d970658df90174ba01f7dbea047
  SHA512: f42e53a6598ec22a38988ef6d72adffb444b57b36adbb09bbb8bf23a2f4dca389874fb65e43454aceea2a731ddc496f72e71dd94970961a5d53c70bdb2744306