Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 01:42
Behavioral task behavioral1
- Sample: a368978911a1858fcc0ddf4c7895146c_JaffaCakes118.pdf
- Resource: win7-20240508-en
Behavioral task behavioral2
- Sample: a368978911a1858fcc0ddf4c7895146c_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: a368978911a1858fcc0ddf4c7895146c_JaffaCakes118.pdf
- Size: 184KB
- MD5: a368978911a1858fcc0ddf4c7895146c
- SHA1: 3f8a64be0dcc58688aacb4764f2d931d9fa0db7b
- SHA256: d0ade358f9197ae933e33ed17dd453e414569d9f138bb425ade15b47490b735b
- SHA512: 5be48c3e55c99f0edaade1b59f95de72de307e13e103319b447552ae6f3837525813e435721069cdfcb6e32a83e45e615ef9ffd9488aa4c3973216e9f46d846e
- SSDEEP: 3072:t2irbxzGAFYDMxud7fKg3dXVmbOn5uA6Kjnz/hNFy6pipTEZVZSp:t2MKlWQ7Sg3d4bOpdCrV3
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
- Modifies Internet Explorer settings
Processes: AcroRd32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
Processes: AcroRd32.exe
pid | process
3792 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: AcroRd32.exe
pid | process
3792 | AcroRd32.exe
3792 | AcroRd32.exe
3792 | AcroRd32.exe
3792 | AcroRd32.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
description | pid | process | target process | occurrences
PID 3792 wrote to memory of 4888 | 3792 | AcroRd32.exe | RdrCEF.exe | 3
PID 4888 wrote to memory of 4456 | 4888 | RdrCEF.exe | RdrCEF.exe | 41
PID 4888 wrote to memory of 4364 | 4888 | RdrCEF.exe | RdrCEF.exe | 20
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3792)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a368978911a1858fcc0ddf4c7895146c_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4888)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4456)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C398FDAE653A8BA932FB5F2214D1C93F --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4364)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2278CA9EC0C7E4CD92016C872D420181 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2278CA9EC0C7E4CD92016C872D420181 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1376)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D77B0458CA0F97CD94B35AED99BBA9AF --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1812)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A62E72C6216AE20F3311F29F1AC75FED --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2372)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75DE73D9E0291FA8659AD30470D7F5C1 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2540)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0ACF0EE9CA51B75732EB33063E0192B7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0ACF0EE9CA51B75732EB33063E0192B7 --renderer-client-id=8 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 980)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: b1cd64cb42b2f05871a27bcd444e2616
  SHA1: 4e8ad7cf3492d6c4ccdd6c4b7397a209dbf7a696
  SHA256: 83bdc672d756ecffbf3e3ec1c2008256413af6f93df7a2fc099a4c23b58ff5b2
  SHA512: 5c27d2925406f166df31f711717c5e78a6538c87cbb65463d71379b59dc2967a94712cdff470061ad96f94ee56eadeb7ad81300c9f485900db883ff3a14266c2