Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/06/2024, 08:00
Behavioral task behavioral1
  Sample: 910917459c37a22b3640053cde82381f_JaffaCakes118.pdf
  Resource: win7-20240221-en
Behavioral task behavioral2
  Sample: 910917459c37a22b3640053cde82381f_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
Target: 910917459c37a22b3640053cde82381f_JaffaCakes118.pdf
Size: 38KB
MD5: 910917459c37a22b3640053cde82381f
SHA1: d7d9133b7494aed55038d717bb0a067e28fe1d9d
SHA256: 701f23fc3695dc5e784ff7fea29dd1302f730a9b94836699e91d48ac61bbb0f7
SHA512: daefa1282e6521afb86c729b8e8129ecfda7c438e4bc55738cd6147c16ca46a642a986abe0a5fc769a2c184af6b45b0313dc4c87c26bbe9254ec84e04a19c286
SSDEEP: 768:VgGzpDbpvGnvT3/Cgph5y6+s5T5Q7w9VotPrlALh:GGFHpW1i7LtTCh
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe
Modifies Internet Explorer settings
  description  ioc                                                                                                                                   Process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  1628  AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  1628  AcroRd32.exe
  1628  AcroRd32.exe
  1628  AcroRd32.exe
  1628  AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries are repetitions of the following three parent/child rows:
  description                        pid   Process       procid_target
  PID 1628 wrote to memory of 2172   1628  AcroRd32.exe  90   (listed 3 times)
  PID 2172 wrote to memory of 4044   2172  RdrCEF.exe    91   (repeated)
  PID 2172 wrote to memory of 2256   2172  RdrCEF.exe    92   (repeated)
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\910917459c37a22b3640053cde82381f_JaffaCakes118.pdf"
  PID: 1628
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 2172
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EFF648CD2A260AE8FA794A31ACB57AFD --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4044
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4606AF2ADFA5DBAFDF1F7AB754D2D0C4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4606AF2ADFA5DBAFDF1F7AB754D2D0C4 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
      PID: 2256
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4BE95A509239F7DC4C86C09C99615E70 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3120
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1EDAA82F7D32BB94CE7B31450DC5F849 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1EDAA82F7D32BB94CE7B31450DC5F849 --renderer-client-id=5 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job /prefetch:1
      PID: 4872
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD5DE14358973F453D3C87C257E13447 --mojo-platform-channel-handle=2844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1216
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=43B129171A67C9B47F91C045C85E054C --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4160
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2540
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 027f8c969964c471dae92f3327ab621f
  SHA1: ca3da3a9eaf18408b0ab268dd688bdc5d9c9a593
  SHA256: 65e38f95db7a792d80e3d6e8d663c557ff7e326af763ba92256d02ca70361a90
  SHA512: 42cdd8856bc7eb9a93853eaece0d254711a934d5735934ddd8f40c0c5e85045439169d80e59c4be98dc13c7b1fd5f2bee48f4fb62b97707b8329cc298d00773f
- Filesize: 64KB
  MD5: 65dd21c57f09ffc7c279b14876ef7be6
  SHA1: 83492896f447b929b479d72bf34321369627f15b
  SHA256: 9be8bc030ecec41d14aaf3e5f2a9e264fc3a68bcd2c089b3e3a868ded90b6700
  SHA512: 3cffca1292fe5c08626c9b8c86f8f49dc68c61c16daebf9a1ac356f14923b26da6c1be19e03f1bb2f47a7da06ab507c46557ecc9b1ac328cf4187b765e4d6911