Analysis
max time kernel: 52s
max time network: 54s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 02:45
Behavioral task: behavioral1
  Sample: a394a977729c8154b96d69868117ad35_JaffaCakes118.pdf
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a394a977729c8154b96d69868117ad35_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
Target: a394a977729c8154b96d69868117ad35_JaffaCakes118.pdf
Size: 42KB
MD5: a394a977729c8154b96d69868117ad35
SHA1: 068ce9dde5524e75bded836ab03c073a0724f699
SHA256: c972a4568a68888c2db4fe8fc5ef224a8af5a33ea56101cfd1e195a31a6e69f2
SHA512: a77a9b6757d2182c0337d338c53a77ba5ddac9bcffd4c05a978ea2a0e3058052c2def779f0a82610ad98dbee67d058116215770d5527a5eb606e41b63cd773c5
SSDEEP: 768:6gGzpDKpzou+jaiPOsCUG6w+od09Wl16iaULW8xMqGiY8MlTG9utAsWpp:nGFup8xjaisU1w+oN1h/dxMqGiZUGsW/
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description         ioc                                                                      process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0         AcroRd32.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    AcroRd32.exe
Modifies Internet Explorer settings
Processes:
  description   ioc                                                                                                                                            process
  Key created   \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
  pid    process
  4268   AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  pid    process
  4268   AcroRd32.exe   (repeated 4 times)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description                        pid    process        target process
  PID 4268 wrote to memory of 1000   4268   AcroRd32.exe   RdrCEF.exe     (repeated 3 times)
  PID 1000 wrote to memory of 1904   1000   RdrCEF.exe     RdrCEF.exe     (repeated 40 times)
  PID 1000 wrote to memory of 4916   1000   RdrCEF.exe     RdrCEF.exe     (repeated 21 times)
Processes

AcroRd32.exe (PID: 4268)
  Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a394a977729c8154b96d69868117ad35_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  RdrCEF.exe (PID: 1000), child of 4268
    Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    RdrCEF.exe (PID: 1904), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A6DE0F23431A53ACA317B850D92B770 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 4916), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=313D50BA2D3D7EE617309F361244100F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=313D50BA2D3D7EE617309F361244100F --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe (PID: 3576), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=702CCBCFBF63D9FCA092BF36762A3EAE --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 1616), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C109BE43144A45F6D273E5923193A4F0 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 4024), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AD07DDA59673B0771DA7DDB208A53422 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 1340), child of 1000
      Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=972C1A6FEEFB95D35452169CD7FA7F85 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=972C1A6FEEFB95D35452169CD7FA7F85 --renderer-client-id=7 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job /prefetch:1
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 75cfd5e3922bd5bb4b935031a341e1a5
SHA1: 3bffb58f0d278834dd044ec709d425493704dfce
SHA256: 3d591d439bf3655a10fca31b842488f3aed35c824c78dcc805702f8af7d9a45a
SHA512: 39f2a6c8ad32d8441c8edb88735c4b1825b9edca33c36ca9a6dbe609d99b73daeffd3b3696e2dfda8fee3324f7f841321cd92c95bf44715f3e1cb72cb66fd164