Analysis

- max time kernel: 51s
- max time network: 53s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-06-2024 18:20
Behavioral task: behavioral1
- Sample: 9f1f2c35e55b767138966cc76df6ebdf_JaffaCakes118.pdf
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 9f1f2c35e55b767138966cc76df6ebdf_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General

- Target: 9f1f2c35e55b767138966cc76df6ebdf_JaffaCakes118.pdf
- Size: 36KB
- MD5: 9f1f2c35e55b767138966cc76df6ebdf
- SHA1: b9ef3f91308ae97e42eca0d3a292a87c5328b843
- SHA256: 0fccfb51d3133f91e978b7b3ed515c779dd4b15afb29e995a1d5636f44d1a813
- SHA512: b68b2c4f6f6f59b25abe8cefad0e87faf1113827b07d1c577dd07aa6d6583098bf6ffb5854ba99334df1103291bab15d94d7cacaf4b9bceaacde392448a38e6b
- SSDEEP: 768:wgGzpD4pls/PJYjUEviuVVZ3pbPLge34Iy1DIMnRfR+bUS1OVs5:dGFUpwypbX4ZDIofYbUOOVs5
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe

- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  4236 | AcroRd32.exe

- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid | Process
  4236 | AcroRd32.exe
  4236 | AcroRd32.exe
  4236 | AcroRd32.exe
  4236 | AcroRd32.exe

- Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4236)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f1f2c35e55b767138966cc76df6ebdf_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2264)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4628)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=36632C1D96891E116CDA94815F080877 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2680)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=758DC71AA0D9880A487876510A01D4F8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=758DC71AA0D9880A487876510A01D4F8 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3220)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91B5180258A28847227B9458E4EE5C2E --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1456)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=315EC57ED1A8E8300A2F91D613C41FEE --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5008)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8E27B563FD600000C23CF661FEDC3131 --mojo-platform-channel-handle=2388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2504)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F8A8A46E3183217E0A5B13E57F9B8401 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F8A8A46E3183217E0A5B13E57F9B8401 --renderer-client-id=7 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job /prefetch:1

- C:\Windows\System32\CompPkgSrv.exe (PID 4008)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 64KB
  MD5: 5a7bfbb6fb22ae9026e204fc6b061949
  SHA1: 0f702e38275cd8060564913327f2604e23c25975
  SHA256: 78ab70018e0c6a92bdfef7d39358f050c1771c349119131a1856c527a16b1d1e
  SHA512: a0e52d603f6a24f4a4e8f2935fc3827f610ce563a909a6c6afc5124622fffdde15f4e8f91eb98ee44f631e28fba9fe43e4d31ea7b7a76e01188cbc97f8170fff