Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 09:14
Behavioral task: behavioral1
Sample: a4cc7f9da52b995d9049dc2e36025448_JaffaCakes118.pdf
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: a4cc7f9da52b995d9049dc2e36025448_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: a4cc7f9da52b995d9049dc2e36025448_JaffaCakes118.pdf
Size: 44KB
MD5: a4cc7f9da52b995d9049dc2e36025448
SHA1: 49d2e2883ea0bb3178f7aecf57eb5f53a1bf8c54
SHA256: 9b7ff7d3779b8af73c61b82ba5eae9fa6df45268610bd0a347f85451d24bf38a
SHA512: e9551f1cefa9b9109790940ffdb80d15d86c72b19170e2df49dfed12d6026ea08290b3de51c7b08efcd18ee6e5043df66c1ba096802904630aadfc10e4ff7271
SSDEEP: 768:6gGzpDyBVksi8d4x/Kx3/RQ7sTl4lhEeKtbBKLEfeguUtv3lnGbgdJ:nGFmll47XUeg5t9nGbgdJ
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AcroRd32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: AcroRd32.exe)

Modifies Internet Explorer settings
Processes: AcroRd32.exe
- Key created: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (process: AcroRd32.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: AcroRd32.exe
- pid 4364, process AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs
Processes: AcroRd32.exe
- pid 4364, process AcroRd32.exe (4 identical entries)

Suspicious use of WriteProcessMemory 64 IoCs
Processes: AcroRd32.exe, RdrCEF.exe
Columns: description, pid, process, target process (identical rows collapsed; 64 entries in total)
- PID 4364 wrote to memory of 1420: AcroRd32.exe -> RdrCEF.exe (3 identical entries)
- PID 1420 wrote to memory of 1612: RdrCEF.exe -> RdrCEF.exe (repeated identical entries)
- PID 1420 wrote to memory of 4656: RdrCEF.exe -> RdrCEF.exe (repeated identical entries)
Processes (child processes are indented under their parent; depth as shown in the tree)

- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (depth 1)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4cc7f9da52b995d9049dc2e36025448_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 2)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=28501B91D76AD1E3FB09831D8A2D3EF6 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F01FF643042A3F3D8301ED83879D95DC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F01FF643042A3F3D8301ED83879D95DC --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E0B1A49FB44E57649BF0904A9E6A1732 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F4D654623CC274BAC250F3FDA271A3C --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2E7005B3DED5A92D8AA28F69DDB4A33B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2E7005B3DED5A92D8AA28F69DDB4A33B --renderer-client-id=6 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (depth 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=64C4DA7B47EA275E35E3B54560DDB448 --mojo-platform-channel-handle=2540 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

- C:\Windows\System32\CompPkgSrv.exe (depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 556ef3ba9359f1b329d2c11d8aed0a1d
  SHA1: 1b4e721d9e97a7ff815db7f9ed0e33851553fbd0
  SHA256: 032472929716ea9aa98e66393f1adf75a344cb1f02b4c511a7ed384de1965e3f
  SHA512: 80999a1c51d480425b77d4685935e3ca391da301e16b330c384d22dd2c429d74e0bbfb19c426401f4d7898a0d1145892ddadfa6a4752dbe76082afaca878643b