Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 02/06/2024, 01:36

Behavioral tasks
behavioral1: sample 8c7ab02b37ed0bb02045641324d92b09_JaffaCakes118.pdf, resource win7-20240221-en
behavioral2: sample 8c7ab02b37ed0bb02045641324d92b09_JaffaCakes118.pdf, resource win10v2004-20240508-en (the run reported on this page)

General
Target: 8c7ab02b37ed0bb02045641324d92b09_JaffaCakes118.pdf
Size: 31KB
MD5: 8c7ab02b37ed0bb02045641324d92b09
SHA1: b0802f714bfd3f05364efa55e27b474e982e791f
SHA256: 4ae571010d4a6478e04974814af9562791448541b2a02c4722933afb1c495436
SHA512: 207cffcf35ea480745489bb2fcba123671391855d1b94547ff25d383880663efd99e796fe9b16a0e5cbb9030ac72ad4ac86fbb36d7ad8ef475285f18153a26f8
SSDEEP: 768:NXuMZmwgCLWarwLB+7MbkxIfbUNqra/gF8GA8FU:NXFZmGWSMbQQUqrigF8GA8FU
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. In this run both reads are made by AcroRd32.exe itself, not by anything the document spawned, so on their own they do not show the PDF probing the sandbox.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
4680 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
4680 | AcroRd32.exe (4 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | entries
PID 4680 wrote to memory of 3260 | 4680 | AcroRd32.exe | 93 | 3
PID 3260 wrote to memory of 3904 | 3260 | RdrCEF.exe | 94 | 41
PID 3260 wrote to memory of 656 | 3260 | RdrCEF.exe | 95 | 20

All 64 writes are a parent writing into a child it has just created (AcroRd32.exe into the RdrCEF.exe broker, the broker into its gpu and renderer children; see the process tree below). That is ordinary CreateProcess start-up behaviour, not injection into an unrelated process, which is what the signature name suggests.
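The 64 WriteProcessMemory rows reduce to three parent-to-child edges, and the useful question is whether any edge falls outside the process tree Adobe Reader produces on its own. The script below is an added example, not the sandbox's code: it collapses rows written in the report's "PID X wrote to memory of Y X Process N" format and flags any writer/target image pair outside an assumed Reader baseline. The row text, the PID-to-image table and the powershell.exe anomaly are constructed for the demonstration; the report itself contains only the three Reader edges.

```python
"""Collapse a sandbox 'Suspicious use of WriteProcessMemory' IoC list into
parent -> child edges and flag any edge outside the expected Adobe Reader tree.

Added example, not part of the sandbox report. The rows are constructed to
mirror the report's format, with per-edge counts shortened and one anomalous
row (not in the report) added for the demonstration.
"""
import re
from collections import Counter

# One report row: "PID <writer> wrote to memory of <target> <writer> <Process> <procid_target>"
ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")

# Constructed input (the report has 3 / 41 / 20 rows for these three edges)
SAMPLE_ROWS = (
    "PID 4680 wrote to memory of 3260 4680 AcroRd32.exe 93 " * 3
    + "PID 3260 wrote to memory of 3904 3260 RdrCEF.exe 94 " * 5
    + "PID 3260 wrote to memory of 656 3260 RdrCEF.exe 95 " * 2
    # constructed anomaly, not in the report: Reader writing into an unrelated process
    + "PID 4680 wrote to memory of 1234 4680 AcroRd32.exe 99"
)

# Rows name only the writer, so the target's image comes from the process tree.
# Constructed table; PIDs 4680/3260/3904/656 match the report, 1234 is the anomaly.
PROCESS_TABLE = {
    4680: "AcroRd32.exe", 3260: "RdrCEF.exe", 3904: "RdrCEF.exe",
    656: "RdrCEF.exe", 1234: "powershell.exe",
}

# Assumed baseline for Acrobat Reader DC: AcroRd32 spawns the CEF broker and the
# broker spawns its gpu/renderer children. Any other pair deserves a look.
EXPECTED_EDGES = {("AcroRd32.exe", "RdrCEF.exe"), ("RdrCEF.exe", "RdrCEF.exe")}


def collapse(rows: str, table: dict) -> Counter:
    """Count writes per (writer_pid, writer_image, target_pid, target_image)."""
    edges = Counter()
    for m in ROW.finditer(rows):
        writer, target, image, _procid_target = m.groups()
        w, t = int(writer), int(target)
        edges[(w, image, t, table.get(t, "?"))] += 1
    return edges


def unexpected(edges: Counter, baseline=EXPECTED_EDGES) -> list:
    """Edges whose (writer image, target image) pair is not in the baseline."""
    return sorted(e for e in edges if (e[1], e[3]) not in baseline)


if __name__ == "__main__":
    edges = collapse(SAMPLE_ROWS, PROCESS_TABLE)
    for (w, wi, t, ti), n in edges.items():
        print(f"{wi} ({w}) -> {ti} ({t}): {n} writes")
    print("unexpected:", unexpected(edges))
```

On the report's own rows every edge is in the baseline and `unexpected` returns an empty list; the constructed powershell.exe edge is there to show what a real finding would look like. The baseline is per application and per version, so rebuild it from a known-benign document opened in the same image before trusting it.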
Processes

AcroRd32.exe, PID 4680 (level 1)
  Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8c7ab02b37ed0bb02045641324d92b09_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  RdrCEF.exe, PID 3260 (level 2, child of 4680)
    Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    RdrCEF.exe, PID 3904 (level 3, child of 3260, --type=gpu-process)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B32AA3A82A9976C942FF0506EB44534F --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe, PID 656 (level 3, child of 3260, --type=renderer)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3AB6A97F7CB56DFF3F9DAD68941F9A11 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3AB6A97F7CB56DFF3F9DAD68941F9A11 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe, PID 2420 (level 3, child of 3260, --type=gpu-process)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: identical to PID 3904 except --service-request-channel-token=89261E6A9FBC30B6D4F07E6F2D7BA996 --mojo-platform-channel-handle=2280

    RdrCEF.exe, PID 2040 (level 3, child of 3260, --type=gpu-process)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: identical to PID 3904 except --service-request-channel-token=C7F45057E7B678831E8CC933F059EE24 --mojo-platform-channel-handle=1940

    RdrCEF.exe, PID 4332 (level 3, child of 3260, --type=renderer)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: identical to PID 656 except --service-pipe-token=9465FAD0423868B690613CDB25A3A490 --service-request-channel-token=9465FAD0423868B690613CDB25A3A490 --renderer-client-id=6 --mojo-platform-channel-handle=1800

    RdrCEF.exe, PID 1688 (level 3, child of 3260, --type=gpu-process)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: identical to PID 3904 except --service-request-channel-token=3D9705A4D926D11A5EBB27E99DC575D0 --mojo-platform-channel-handle=2680

CompPkgSrv.exe, PID 2440 (level 1, not a child of Reader)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
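Everything in the tree is Reader's own broker, gpu and renderer fan-out plus one Windows COM server started out of process (the -Embedding switch), and every signature fires on AcroRd32.exe or RdrCEF.exe; nothing in the signatures or the tree is specific to this document. For a 31KB PDF whose dynamic run looks like a blank document, the next step is a static look at the object names that make a PDF act on open (OpenAction, additional actions, JavaScript, Launch, embedded files), including names hidden behind #xx escapes or inside compressed streams. The script below is an added example, not the sandbox's or Adobe's code; the RISKY name list is this example's own selection, the PDF it scans is constructed for the demonstration, and the stream finder is a regex pass that handles only FlateDecode streams (it does not parse the xref table, object streams or other filters, so a clean result from it is not a clean bill of health).

```python
"""Static first pass over a PDF: undo #xx name escapes, inflate FlateDecode
streams, and count the object names that give a document active behaviour.

Added example, not the sandbox's or Adobe's code. The PDF is constructed for
the demonstration; the RISKY name list is this example's own selection.
"""
import hashlib
import re
import zlib
from collections import Counter

# Names that make a PDF act on open or on user events (a first-look set)
RISKY = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch",
         "/EmbeddedFile", "/URI", "/RichMedia", "/XFA", "/SubmitForm")


def unescape_names(data: bytes) -> bytes:
    """PDF names may be written with #xx hex escapes (/J#53 is /JS); undo them
    so an obfuscated name is counted like a plain one."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes):
    """Yield the decompressed body of every FlateDecode stream that inflates.
    Broken or truncated streams are skipped rather than aborting the pass."""
    pattern = rb"/FlateDecode.*?\bstream\r?\n(.*?)\r?\nendstream"
    for m in re.finditer(pattern, data, re.S):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def count_risky(view: bytes) -> Counter:
    """Count each RISKY name in one byte view; a name must end at a delimiter
    so /JS does not also match inside a longer name such as /JSX."""
    counts = Counter()
    for name in RISKY:
        hits = re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9_])", view)
        if hits:
            counts[name] += len(hits)
    return counts


def triage(pdf: bytes) -> dict:
    """Risky-name counts over the raw file plus every inflated stream."""
    total = count_risky(unescape_names(pdf))
    for body in inflate_streams(pdf):
        total += count_risky(unescape_names(body))
    return dict(total)


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, to confirm the file on disk is the one a
    report describes before spending time on it."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def build_sample() -> bytes:
    """Constructed sample: an OpenAction running hex-obfuscated JavaScript, plus
    a FlateDecode stream hiding a /Launch action from a plain grep."""
    hidden = zlib.compress(b"<< /S /Launch /F (cmd.exe) >>")
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            b"3 0 obj << /S /JavaScript /J#53 (app.alert(1)) >> endobj\n"
            b"4 0 obj << /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample()
    print(digests(sample)["sha256"])
    print(triage(sample))
```

Run it against the real sample by reading the file and comparing `digests()` with the MD5/SHA1/SHA256 in the General section first; a mismatch means you are not looking at the file this report describes. A non-empty `triage()` result is a reason to pull the objects apart, not a verdict: legitimate forms use /AA and /JavaScript too.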
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
Filesize: 64KB
MD5: 1682fdc58e524c525f44504e21c3a5a6
SHA1: 2a0fe48e0554aceb2e3bd42ce979fe9c1c0b4de1
SHA256: c30c9749bb7f463993e769ca79ddd95f76331ef287625994bee59adce745bbcd
SHA512: f71c19e41976f579358cbe06a6fa6d92eef4d5cf1c61366289c6fe718ecd8fcea2fabbfe0bf2f9abb9580884c7c69010e41f9e36a7e8a533527d891176b2f4d8

File 2
Filesize: 64KB
MD5: 2f96e009ac5f2ad1f36672ccc8b2cd5e
SHA1: 2e51233ab5882b7ddb8b8bc49eddabd102dc3536
SHA256: 98b3432cb418f99f32d7fa6c64b507ee95d5661aa59834c42c3a16ab345012b9
SHA512: f63d6229787c36ce98582bead3f43629630d41342e93656713b811d44db194c58884175fed6d12c5926f809e5c00dea5167b12fa0228d7daab951c16b4fa9686