Analysis
- max time kernel: 51s
- max time network: 54s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-06-2024 18:32
Behavioral tasks
- behavioral1: Sample 9f27e3de2ef3a849c1e295817567bead_JaffaCakes118.pdf, Resource win7-20240221-en
- behavioral2: Sample 9f27e3de2ef3a849c1e295817567bead_JaffaCakes118.pdf, Resource win10v2004-20240508-en
General
- Target: 9f27e3de2ef3a849c1e295817567bead_JaffaCakes118.pdf
- Size: 49KB
- MD5: 9f27e3de2ef3a849c1e295817567bead
- SHA1: abc732f58d8d707b2e1bc2c504c09acefcc550b5
- SHA256: 6cabc7de5eeb32cfb904f3f21a0513d7c85850397232cfe1b6a2a92838c97020
- SHA512: 68c1ae1ac2cd8eca5a5c542e44a5276b9b113f8eb56f9507f1d90484ea50f144483c31441e766b6deda47dfd9a4727a3f5a38eb83739790d08861057823f2c15
- SSDEEP: 768:VgGzpD4yH8lraFzMqeSQVj6SNTSP3ewIr+DKRZJ90vonwtdTPup1gO7qTyozE:GGFkO8lraFwqmM4j98rTP01RozE
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: AcroRd32.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: AcroRd32.exe)
- Modifies Internet Explorer settings
  - Key created: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (Process: AcroRd32.exe)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  - PID 4584 AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  - PID 4584 AcroRd32.exe (4 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical entries collapsed below)
  - PID 4584 AcroRd32.exe wrote to memory of 2724 (procid_target 86), 3 entries
  - PID 2724 RdrCEF.exe wrote to memory of 1304 (procid_target 87), repeated entries
  - PID 2724 RdrCEF.exe wrote to memory of 3100 (procid_target 88), repeated entries
Processes
- AcroRd32.exe (PID 4584)
  Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f27e3de2ef3a849c1e295817567bead_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - RdrCEF.exe (PID 2724), child of PID 4584
    Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    - RdrCEF.exe (PID 1304), gpu-process, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEA7E5F6533A0E58C19663C6BDA80E68 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 3100), renderer, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=74A7C970FA69A9A52128D66B3F5EEB36 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=74A7C970FA69A9A52128D66B3F5EEB36 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - RdrCEF.exe (PID 736), gpu-process, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BBE43111DE7B74D712A090C5DFBBFF99 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 1560), gpu-process, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=792C06D9DE2EDA1401B7684DBF3F03FF --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 4332), gpu-process, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D5F86336562EED74B2E80A58C4C1505 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 2856), renderer, child of PID 2724
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=98E64937544B3C3BD1D9431628A0A0FB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=98E64937544B3C3BD1D9431628A0A0FB --renderer-client-id=7 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job /prefetch:1
- CompPkgSrv.exe (PID 2628)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
- MD5: 66cb5b20648b577e03cdd80618fdbeb7
- SHA1: ac650d989f254c1d8fbd3004276d1380f971e832
- SHA256: 887539a7abcd4f72cfeae6fd9d0aa89ff875cd0246baad07024dce8e26bf927b
- SHA512: 4e64a5454e104dcf759a61892b94231c6e1ef94707704531b168eb77ae7cda7881ea3a5f3b133608b753ce732969aa5b6649fdd7740158c53ab3e2de97048fde