Analysis

Max time kernel: 51s
Max time network: 54s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 13-06-2024 09:19
Behavioral task: behavioral1
  Sample: a4d1cefb1287310a0ea5775348777c15_JaffaCakes118.pdf
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: a4d1cefb1287310a0ea5775348777c15_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: a4d1cefb1287310a0ea5775348777c15_JaffaCakes118.pdf
Size: 50KB
MD5: a4d1cefb1287310a0ea5775348777c15
SHA1: 4aceb142a80689218590cb56be737fca6bbe4a17
SHA256: 490036d4dc9b5534de1bb95a379a991d7a81d06b1f61a2e5ba927b529b0dac51
SHA512: 59978cac7741fe785b93f1e96515d4446e1a6ac4847a3a093018c9b18bab624f39f0c9014f3af88ad957d64e03a3a56395325720f12c5ae0fe95615f32132531
SSDEEP: 1536:pGFGprxb8t7tsBm+/+p8EELtbMDC1Ldbg4/:8FGpJ8rzl8E0eod3
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings (1 IoCs)
Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes:
  pid | process
  856 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  pid | process
  856 | AcroRd32.exe
  856 | AcroRd32.exe
  856 | AcroRd32.exe
  856 | AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
Processes

[1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4d1cefb1287310a0ea5775348777c15_JaffaCakes118.pdf"
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      - Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=69A284A8AAF741B70C042FAB9CE6E0C9 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=003DAB875F122B37D3D26191C4F1280D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=003DAB875F122B37D3D26191C4F1280D --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8CC178C71D426B1E0319CDE896F7C0DD --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F2AF0793C1FE0C850623275F217B3FCD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F2AF0793C1FE0C850623275F217B3FCD --renderer-client-id=5 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB3E359C067BDB35E6C962DD607E68D5 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B609BE735784C216EA57F68F769C121 --mojo-platform-channel-handle=2380 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: b6b39003da046d12c2ab2d0b61c3a0ff
  SHA1: f9fd987a989de7197edf3a9c90819655ed7a891f
  SHA256: 265d724fa33069ce23b69614826033dca431ed5e3fd1993d473c9e8d5883deb3
  SHA512: a5eb00eacea81cac0c6544b2b0bd46ef21bdb58461a8dc342b448a45b5982e4c3bb70f03225ff169ade3239948e85fccdcd788f63e6036125a86e944463ae90b