Analysis
max time kernel: 138s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:03
Behavioral task: behavioral1
Sample: 8c66dfe64a2abb956f4ff6996afc4f54_JaffaCakes118.pdf
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 8c66dfe64a2abb956f4ff6996afc4f54_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 8c66dfe64a2abb956f4ff6996afc4f54_JaffaCakes118.pdf
Size: 58KB
MD5: 8c66dfe64a2abb956f4ff6996afc4f54
SHA1: d8dcc8de753249a295b5e82d1bc117d0b83d4c19
SHA256: 39a13ee05d72333c2c5693bf02444089ab68f8ca3eae43f1002f5c58461c4142
SHA512: 2cfda9b77d40a91dcb657c67510f0323df33b0dcd51325286bf983bdaa84db2966052322b4fedd1fd9eeb5c14630c524731843e1e48f61f9ec160b2908732ee1
SSDEEP: 1536:NGbpUVLisHj4QvCgKmumOQrPMpVnWc8iEAHjIW9kjT8CksZiIRoAvlxFjQcu4XF5:NFDtKmOQDAT8Jy84yALsr2OvZpuWysWm
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AcroRd32.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: AcroRd32.exe)

Modifies Internet Explorer settings
Key created: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (process: AcroRd32.exe)

Suspicious use of FindShellTrayWindow (1 IoCs)
PID 2916, AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
PID 2916, AcroRd32.exe (all 4 IoCs are this same process)

Suspicious use of WriteProcessMemory (64 IoCs)
PID 2916 (AcroRd32.exe) wrote to memory of PID 4812 (procid_target 86)
PID 4812 (RdrCEF.exe) wrote to memory of PID 1752 (procid_target 87)
PID 4812 (RdrCEF.exe) wrote to memory of PID 4904 (procid_target 88)
The 64 listed IoCs are repeats of these three parent-to-child writes; the duplicate rows have been collapsed.
Processes

Depth 1: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 2916)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8c66dfe64a2abb956f4ff6996afc4f54_JaffaCakes118.pdf"
Signatures:
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Depth 2 (child of PID 2916): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4812)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Signatures:
- Suspicious use of WriteProcessMemory

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1752)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00130FA7616FD24C7DDA00454FE95935 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4904)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CE019A6F2A554FB009ECAB8B2F0F1513 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CE019A6F2A554FB009ECAB8B2F0F1513 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1032)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3EB5115EC2F24F4532B19FEBF6C49C2 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2180)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E09DE0BAD9A52C03A1998A7B0CBA53E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E09DE0BAD9A52C03A1998A7B0CBA53E7 --renderer-client-id=5 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:1

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3904)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BFAFF72E2A747F6BE25DD9042439BA9 --mojo-platform-channel-handle=1904 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

Depth 3 (child of PID 4812): C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2256)
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8BAE486E55B5D37BB841D812EE0A3094 --mojo-platform-channel-handle=2700 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: ba93a85525a06c8476badd1c0444e645
SHA1: e9eb334ff6e3ac2ce383d226077db3032bd23151
SHA256: 44255c0051c69ab096d4fe9946f6c844e262444f2c0daa09644a92313ef67f89
SHA512: 12b7e73750ab92da9b14c4cb3b3efee474873ea39a72996557f433e3b24e845214f414f3377a3cb23f70d2df5909b56b8b6fe9364510c64dffb93f29a1b1271c

Filesize: 64KB
MD5: 162842322bc30ea3788b1a39a8551099
SHA1: eac6e1cf4981fe086f5caa54f197efbe3961f78a
SHA256: 5f607487f2de32a8a7cdd52002268766ab57f67ed2168f9f5f3392787ebd2cb5
SHA512: f487b5a5c9ab2ab3cec393444708aa32cdd291281a0ad39afdf017f387f3db6295d1bbc91183170dd6833eefa8485ae4946b3664b7e722953bbf73183cb083a5