Analysis
max time kernel: 141s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-06-2024 18:37
Behavioral task behavioral1
Sample: 9f2a9d6db7734744be3b946e495bba9b_JaffaCakes118.pdf
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 9f2a9d6db7734744be3b946e495bba9b_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 9f2a9d6db7734744be3b946e495bba9b_JaffaCakes118.pdf
Size: 43KB
MD5: 9f2a9d6db7734744be3b946e495bba9b
SHA1: 192c9d7c8fc8ab6d39020457049705d782900eea
SHA256: 222da1d15561c1cadab795613717e61b478cf2e62bcc184939963abd84d24084
SHA512: 6dd4fb97edfd60a287da3b3213623dd4b0ddebfe1979d761fa2e865bfee201f5c0ad65a9bc8e34d86cef867a8e80e830ded4956bad473e04fcb0ffcc2ccb778e
SSDEEP: 768:AgGzpD6pWu1yxSGaWNIpUSwLzk+8k2DYxxqVDxB9pTyvfDkYCsp4t6LML7N:NGFmpWkgzkllF9pAp4t6LML7N
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe
Note that the process making the query is AcroRd32.exe, the viewer itself, not a payload dropped by the document; this is a generic heuristic and on its own does not show that the PDF's content triggered the check.

Modifies Internet Explorer settings
  description   ioc                                                                                                                         Process
  Key created   \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid    Process
  3008   AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid    Process
  3008   AcroRd32.exe
  3008   AcroRd32.exe
  3008   AcroRd32.exe
  3008   AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
The 64 logged entries repeat three parent/child pairs; collapsed here:
  description                          pid    Process        procid_target
  PID 3008 wrote to memory of 3408     3008   AcroRd32.exe   85
  PID 3408 wrote to memory of 3936     3408   RdrCEF.exe     86
  PID 3408 wrote to memory of 1540     3408   RdrCEF.exe     87
Every write targets the writer's own direct child in the Processes tree below (AcroRd32.exe into the RdrCEF.exe helper it launched, RdrCEF.exe into its gpu-process and renderer workers); no write into an unrelated process is recorded.
Processes

[1] AcroRd32.exe (PID 3008)
    Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f2a9d6db7734744be3b946e495bba9b_JaffaCakes118.pdf"
    Signatures:
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    [2] RdrCEF.exe (PID 3408)
        Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        Signatures:
        - Suspicious use of WriteProcessMemory

        [3] RdrCEF.exe (PID 3936), gpu-process
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00165780656958A1E37E535DC870294A --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe (PID 1540), renderer
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9E7171AC21FA6C1C534B9590F8F6C66B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9E7171AC21FA6C1C534B9590F8F6C66B --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

        [3] RdrCEF.exe (PID 4932), gpu-process
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DD630D2E7985806A1BF918C359705EAD --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe (PID 2980), gpu-process
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F3B467077A7F234004A4E972444E3B1 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe (PID 1792), gpu-process
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C28CE39F6B9ABC7ED1A5C786F56321E2 --mojo-platform-channel-handle=1888 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe (PID 4008), renderer
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=87D329EDA1A5CBB328B6E3FBF09274F0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=87D329EDA1A5CBB328B6E3FBF09274F0 --renderer-client-id=7 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job /prefetch:1

[1] CompPkgSrv.exe (PID 2908)
    Image: C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
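The WriteProcessMemory signature and the process tree are the two pieces of evidence worth cross-checking when a viewer like Reader trips this heuristic: writes from a process into the helper it just spawned are the normal multi-process startup pattern, whereas a write into a process outside the writer's own subtree is the case that deserves a closer look. The Python below is an added triage helper, not part of the sandbox report and not a vendor tool. It parses IoC entries in the flattened "PID <src> wrote to memory of <dst> <src> <image> <target id>" form used on this page, collapses the repeated rows into (source, destination, image) pairs with counts, and flags writes whose destination is not a direct child of the writer. The process tree is taken from the page's PIDs; the sample listing is constructed (only the 3008 -> 3408 count of 3 matches the page, the other repeat counts are illustrative), and one extra hypothetical entry with a target PID of 9999 is appended so that a flagged write is visible.

```python
"""Added triage helper for sandbox WriteProcessMemory IoC listings.

Not part of the original sandbox report. Parses entries in the flattened
form used on the page:

    PID <src> wrote to memory of <dst> <src> <image> <target id>

collapses the repeated rows into (src, dst, image) pairs with counts, and
flags any write whose destination is not a direct child of the writer in
the process tree. Reader writing into the RdrCEF.exe helper it spawned,
and the helper writing into its own worker processes, is the in-tree
case; a write into an unrelated process is the one worth a closer look.
"""
import re
from collections import Counter

# One IoC entry as rendered on the page. The backreference (?P=src) requires
# the repeated source PID to match, which rejects truncated or garbled rows.
ENTRY_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<image>\S+) (?P<target>\d+)"
)


def parse_write_entries(text):
    """Return a Counter keyed by (src_pid, dst_pid, image), in first-seen order."""
    counts = Counter()
    for m in ENTRY_RE.finditer(text):
        counts[(int(m["src"]), int(m["dst"]), m["image"])] += 1
    return counts


def flag_out_of_tree_writes(writes, tree):
    """Return [(src, dst, image, count)] for writes whose destination is not a
    direct child of the source. `tree` maps child_pid -> parent_pid; PIDs
    absent from the tree (top-level or unknown) are never a child of anyone."""
    return [
        (src, dst, image, n)
        for (src, dst, image), n in writes.items()
        if tree.get(dst) != src
    ]


# Process tree as shown on the page (child -> parent). 3008 (AcroRd32.exe)
# and 2908 (CompPkgSrv.exe) are top-level and so do not appear as keys.
TREE = {
    3408: 3008,
    3936: 3408, 1540: 3408, 4932: 3408, 2980: 3408, 1792: 3408, 4008: 3408,
}

# Constructed sample in the page's format. Only the 3008 -> 3408 count (3)
# matches the page; the other repeat counts are illustrative.
PAGE_ROWS = (
    "PID 3008 wrote to memory of 3408 3008 AcroRd32.exe 85 " * 3
    + "PID 3408 wrote to memory of 3936 3408 RdrCEF.exe 86 " * 5
    + "PID 3408 wrote to memory of 1540 3408 RdrCEF.exe 87 " * 2
)
# Hypothetical extra entry: PID 9999 is not in the tree, so this write must be
# flagged. Nothing like it appears in the real report.
SAMPLE = PAGE_ROWS + "PID 3408 wrote to memory of 9999 3408 RdrCEF.exe 99 "


if __name__ == "__main__":
    writes = parse_write_entries(SAMPLE)
    for (src, dst, image), n in writes.items():
        print(f"{src} -> {dst}  ({image}, {n} writes)")
    for src, dst, image, n in flag_out_of_tree_writes(writes, TREE):
        print(f"FLAG: {image} (PID {src}) wrote to PID {dst}, which is not its child")
```

Run against the page's real entries (PAGE_ROWS without the appended line) the flag list is empty, which is the conclusion the collapsed table above states in prose; the hypothetical 3408 -> 9999 row is the only thing the helper reports.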
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 59d7ed5462c2c31f4aed13a21c5769d2
SHA1: de9cc69101c53d7afcda3205c82b918fad584d55
SHA256: be9ed013234c80ed3fe1dfc397ed5cd139413579af94ed47fd0c04d01f80eb1e
SHA512: 43b8ebb904c772ce4029cc52e5d91df3014f2545889b9688cb1d25913e900428bccd576b5e14fe8de4ea03cdd3a75af608b0af4272bb1ab87245a77a07a3e291