Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 00:56
Behavioral task: behavioral1
  Sample: a34230876f7b2b6bb7f2063e6d5934e4_JaffaCakes118.pdf
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a34230876f7b2b6bb7f2063e6d5934e4_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
Target: a34230876f7b2b6bb7f2063e6d5934e4_JaffaCakes118.pdf
Size: 42KB
MD5: a34230876f7b2b6bb7f2063e6d5934e4
SHA1: cc3121788c2b2f793298958264006f019730588f
SHA256: 7c69ad4740e59a4245107d7d628199fd68f00a31f734c630a204cb52b6f4ed12
SHA512: b326f55665d81c2bc97202029dcc8615ffd3315073aa472e77754a4025750ed7da1fa95ed4f1cd6fdf387c95f5e52ca83125a43569311ce4ea44f9fc5b119d0f
SSDEEP: 768:KgGzpDwFIJyUkSX+DXAU/FfrIZN2yCG6AcGhSUhhYX9Hw8dpXmw0J7Rupc5:XGFUs8QiIbHY6Sx8J7Rui5
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description        | ioc                                                                    | process
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  | AcroRd32.exe
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       | AcroRd32.exe

Modifies Internet Explorer settings
Processes:
  description  | ioc                                                                                                                                            | process
  Key created  | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
  pid  | process
  800  | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  pid  | process
  800  | AcroRd32.exe
  800  | AcroRd32.exe
  800  | AcroRd32.exe
  800  | AcroRd32.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (distinct parent/target pairs; each pair is recorded repeatedly across the 64 entries):
  description                  | pid   | process       | target process
  PID 800 wrote to memory of 1412   | 800   | AcroRd32.exe  | RdrCEF.exe
  PID 1412 wrote to memory of 2836  | 1412  | RdrCEF.exe    | RdrCEF.exe
  PID 1412 wrote to memory of 2472  | 1412  | RdrCEF.exe    | RdrCEF.exe
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a34230876f7b2b6bb7f2063e6d5934e4_JaffaCakes118.pdf"
  PID: 800
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      PID: 1412
      - Suspicious use of WriteProcessMemory
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A2E81F62C133E17A24D428C054D96314 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 2836
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2C2C0C54823CBD1A7FF9BA0B301ED179 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2C2C0C54823CBD1A7FF9BA0B301ED179 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
          PID: 2472
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A6EF3EE47D58AF63D7E0483B2B9B324 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 1548
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=102BE4FCDE8165D7714D9C66F2F6A5E7 --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 3500
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3D3008BD087A88DC374C8E52E2376BE --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 2864
        C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E7D6970257852791EE300BA731B199F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E7D6970257852791EE300BA731B199F6 --renderer-client-id=7 --mojo-platform-channel-handle=2500 --allow-no-sandbox-job /prefetch:1
          PID: 904
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5036
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 3286abb4efc42312a9743cb1c92281ec
SHA1: 0b932bc37edc19a822c7e8cd091c127a7a569828
SHA256: bd5498a6a5c373465d6b502ee27b9bf9175a4c5575d53461a56264cf270ffa87
SHA512: 2bd29beb811fc4c958c2cfca6e1e22f07d19c07631231ec26214c156f22070ad9352ea262ae305434f3ea055f1a407050d566a28e200fc2bb3fd65c8829b61f0