Analysis
Max time kernel: 149s
Max time network: 151s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 02/06/2024, 06:45
Behavioral task behavioral1
Sample: 8d333876015bf572c6b296829567ea37_JaffaCakes118.pdf
Resource: win7-20240221-en

Behavioral task behavioral2
Sample: 8d333876015bf572c6b296829567ea37_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 8d333876015bf572c6b296829567ea37_JaffaCakes118.pdf
Size: 385KB
MD5: 8d333876015bf572c6b296829567ea37
SHA1: 59b9c8af6bb58fb2f4286d6ff266a7f87c3753ec
SHA256: 8873811c4fdff91ac25bf78532139d0b0ed69d306c34a333e51156aa606f3635
SHA512: b7c38d887e6e73e7a41d3faa7222e92696f428e7970ecf21d6c359461e34b0b1c39b24fae9f9da7c16488cddaad1affa666b018349f8398c886715ed0bb0b4dc
SSDEEP: 6144:yX+98acGLYZo/7gRdNgM7seIGIbQyDbUTR+y3FT1yenXIeZcHn9juEitfOTtf:V8aeWMYTG0QyDbUTR+yfyeYeC9nitEf
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  Description         IoC                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe

Modifies Internet Explorer settings
  Description   IoC                                                                                                                                               Process
  Key created   \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe

Suspicious use of FindShellTrayWindow (1 IoC)
  PID    Process
  1560   AcroRd32.exe

Suspicious use of SetWindowsHookEx (5 IoCs)
  PID    Process
  1560   AcroRd32.exe
  1560   AcroRd32.exe
  1560   AcroRd32.exe
  1560   AcroRd32.exe
  1560   AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

Level 1: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8d333876015bf572c6b296829567ea37_JaffaCakes118.pdf"
  PID: 1560
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  Level 2: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 2924
    - Suspicious use of WriteProcessMemory

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E093F5D557376F889DBAA8376FA800D4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1364

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0A73BFF4F9430665F5E8F58E26E46662 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0A73BFF4F9430665F5E8F58E26E46662 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      PID: 400

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E680127345BED1F3106F35174C8C2873 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4748

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4FE5639B7CF638689EBD80968D871302 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2404

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0DAB8F8BD310F74B8FEAA3A06B089039 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0DAB8F8BD310F74B8FEAA3A06B089039 --renderer-client-id=6 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
      PID: 2040

    Level 3: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75756D3B4B3F4A999994617CFE3C6261 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2868

Level 1: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1840
Network
MITRE ATT&CK Enterprise v15
Downloads