Analysis
max time kernel: 141s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 01:51
Behavioral task: behavioral1
Sample: a370af10b94fd8119f226825d784563c_JaffaCakes118.pdf
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: a370af10b94fd8119f226825d784563c_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: a370af10b94fd8119f226825d784563c_JaffaCakes118.pdf
Size: 187KB
MD5: a370af10b94fd8119f226825d784563c
SHA1: d9487a3ea3e7e07cece1fd3d0763d418fa16cd48
SHA256: 33c2f8bd6176744f69db7d1886d5c3fa88d0e0692d6ed0c1be2a7da4086cae47
SHA512: c92c3951d0189993bb4e45954f064ef05017f4c45a7e65c80676788e99b20f1662064e44379ffc92304599c0082276081a055574991ddb066c6aec98ca9dc507
SSDEEP: 3072:82irbxzGAFYDMxud7fKg3dXVmbOn5uw6KjnMmpXTGMJbxh90i7NzO1jI4TYcnSM:82MKlWQ7Sg3d4bORYMd39AJYy
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings
Processes: AcroRd32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: AcroRd32.exe
pid | process
4448 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: AcroRd32.exe
pid | process
4448 | AcroRd32.exe
4448 | AcroRd32.exe
4448 | AcroRd32.exe
4448 | AcroRd32.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a370af10b94fd8119f226825d784563c_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 4448

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    PID: 1620

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04FB0A378954814D0E9C71BF42775001 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3548

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8D3D0566D706F7D69B0B41C86AEA034D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8D3D0566D706F7D69B0B41C86AEA034D --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
      PID: 1988

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=411AB56F3DEF1E4FA19E217AE9170E08 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1288

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=209BE2CDE1933F324C07E3EECE65901F --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3368

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B341F20CCED668F9D1BB1F5285F03E88 --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4880

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FC214D1A2DA3258247AF9BDDBF98389D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FC214D1A2DA3258247AF9BDDBF98389D --renderer-client-id=7 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:1
      PID: 4032

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3232
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: fab8a0fc6b4a8eff290eaca93fe70062
SHA1: 05d914d98031e484539b79a2477e05374b7de1af
SHA256: 605b829c32498522a6587b3e3cd5ae6de8b9d79cc50fd456f2bfcd24b9e5e448
SHA512: 4040282efbb5ce874a1f5519c26ee01357de0e5a985bca521308c452b1c849bf24e37d4e0a6b67d3f8185efb48975051c3fe82b124586ad3ea87f74f474bd524