Analysis
- max time kernel: 52s
- max time network: 54s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-06-2024 18:40
Behavioral task: behavioral1
- Sample: 9f2cffe6fe6f439e7d3c56a23d2033cb_JaffaCakes118.pdf
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 9f2cffe6fe6f439e7d3c56a23d2033cb_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 9f2cffe6fe6f439e7d3c56a23d2033cb_JaffaCakes118.pdf
- Size: 34KB
- MD5: 9f2cffe6fe6f439e7d3c56a23d2033cb
- SHA1: 5ade909faf2023f579d78c14eab1d71801cf23d3
- SHA256: 4109f59b9a74589861f32df2e0c5acda3ee4f64831bec44175707b277f432bff
- SHA512: 4ae7e4042d79a9748fd07f18a97433898e2d96568e54654d5e60a8adefe0bc3c0572f992ca053a0c5b1cb2025f77b6a1dfc9b5e9c477a17117dd04a7c4e86060
- SSDEEP: 768:SXuMZmwgCLWarrhXJnPAVYWlkEfkinC1Jzk2aUV5EEb:SXFZmGWSZJRWlkwkinC11n5EEb
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)

Processor information is often read in order to detect sandboxing environments.

| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe |

Modifies Internet Explorer settings

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe |

Suspicious use of FindShellTrayWindow (1 IoCs)

| pid | Process |
| --- | --- |
| 1880 | AcroRd32.exe |

Suspicious use of SetWindowsHookEx (4 IoCs)

| pid | Process |
| --- | --- |
| 1880 | AcroRd32.exe |
| 1880 | AcroRd32.exe |
| 1880 | AcroRd32.exe |
| 1880 | AcroRd32.exe |

Suspicious use of WriteProcessMemory (64 IoCs)

| description | pid | Process | procid_target | entries |
| --- | --- | --- | --- | --- |
| PID 1880 wrote to memory of 4836 | 1880 | AcroRd32.exe | 85 | 3 |
| PID 4836 wrote to memory of 2712 | 4836 | RdrCEF.exe | 86 | 41 |
| PID 4836 wrote to memory of 4124 | 4836 | RdrCEF.exe | 87 | 20 |
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9f2cffe6fe6f439e7d3c56a23d2033cb_JaffaCakes118.pdf"
  PID: 1880
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 4836
    Signatures:
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9244C9E878DDF31E2F61CD849652477A --mojo-platform-channel-handle=1692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2712
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=057D78167DF981B8306476E263B8AD77 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=057D78167DF981B8306476E263B8AD77 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      PID: 4124
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=30014C03DBE3755C567BD39B8226DB27 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4364
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=81AD73A497F1125DBDC36187A8D2BF7A --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4472
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC7E30DF34DD1619C569E2E285ACB3E3 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1452
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=37E884E39B31E93F812D109F959DC447 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=37E884E39B31E93F812D109F959DC447 --renderer-client-id=7 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
      PID: 4780
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4024
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
- MD5: 39858d1445182623466d29827ed7c2f8
- SHA1: 7c84e445cf7e7d09e86f71b6a2f46daba2b2a6a7
- SHA256: af1b726e3f38bb24174dceca375b02624a6418899f7afbab2e130f26f5cda8ed
- SHA512: e02dfbd0c68caf9ac0acdac263992491917c9aa4b46815516081084ecc2e17982952426ec96fbfc9437bd8a8cbfecdf00ecafa8b192057f59bfde3e440ac27c1