Analysis
max time kernel: 145s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/06/2024, 01:05
Behavioral task behavioral1
Sample: 8c67bd5da47db121aa63450f4b8307c4_JaffaCakes118.pdf
Resource: win7-20231129-en

Behavioral task behavioral2
Sample: 8c67bd5da47db121aa63450f4b8307c4_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 8c67bd5da47db121aa63450f4b8307c4_JaffaCakes118.pdf
Size: 82KB
MD5: 8c67bd5da47db121aa63450f4b8307c4
SHA1: c63e49914023e5278d0844d400b1ff7c7139ba7f
SHA256: 3066cd31f5a34b129e2d134b371e5d40e220d0e8656e98edc56b050d743f12c5
SHA512: 2ef82bcc15006419b05bbcd24769f2b8a93f21d5fd7718f86cc841b61ac3796110a0a28b8e3aa3ed73ca61803d5905372572d676a52243fdeee4d09f3a896638
SSDEEP: 1536:SGFWp+U4X5NZP5aQ7eMZ32+8H2oIhTFtJaJIEet7k8QuQaX4:LFWp+U4XHZP5aP0hTTJiI/7pQuQh
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3364 | AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs
pid | Process
3364 | AcroRd32.exe
3364 | AcroRd32.exe
3364 | AcroRd32.exe
3364 | AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8c67bd5da47db121aa63450f4b8307c4_JaffaCakes118.pdf" (PID 3364)
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 (PID 3176)
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E25015677B1DEF17132F572F7C607025 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 940)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CDF620FEAB248AFC5ACDC3621578F9B4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CDF620FEAB248AFC5ACDC3621578F9B4 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1 (PID 4152)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8B1A0EF929F4FB1B0FD68738E1D61B46 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8B1A0EF929F4FB1B0FD68738E1D61B46 --renderer-client-id=4 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job /prefetch:1 (PID 740)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EA72BC2FFD8EF424EDF2E1277CA0B7E3 --mojo-platform-channel-handle=2604 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 1460)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B5088E48970D3D158BDBDDAE294898A --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 1972)
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E9252876EC343A9543B4716A7918F13E --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2 (PID 4516)
- C:\Windows\System32\CompPkgSrv.exe -Embedding (PID 3788)
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: f1fbb34fe4b60db31e25a42b922c0765
  SHA1: f980edf3288afbd962af984caec5927f9599d4b4
  SHA256: bb5246f1fd174dfacb09c7cdc6e60250ad7ee1e636f19790d40272670a43ca2d
  SHA512: c727b5eb0f8eb9fc3c015df66d4d4a4dc348ff703461c4aeaa79caea4da4fe9ff291840ce1884529f0c5fd6d1c87333294b2dde232e646c04db28e2bd2b0e92b
- Filesize: 64KB
  MD5: 096c09f86e78c68383597f5dd91888dc
  SHA1: bc39a840557239ff7dfd6c670cad1824c9937789
  SHA256: ca8592e3108fcad3340004cd22fdd72d60a4fca22034349c47e0ff95d7ef3ff7
  SHA512: 39b216311d784cf63b0492966c241af2d697b526c2d9f4d88d7772379c7635b057449e7196cbee32a2cc48b7eba09da70159d2400a609d4af2f731f7e350fc79