Analysis

max time kernel:  147s
max time network: 150s
platform:         windows10-2004_x64
resource:         win10v2004-20240508-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted:        13-06-2024 09:20
Behavioral task behavioral1
  Sample:   a4d2810c5a64fd62fedd74185da78563_JaffaCakes118.pdf
  Resource: win7-20240508-en

Behavioral task behavioral2
  Sample:   a4d2810c5a64fd62fedd74185da78563_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: a4d2810c5a64fd62fedd74185da78563_JaffaCakes118.pdf
Size:   31KB
MD5:    a4d2810c5a64fd62fedd74185da78563
SHA1:   ad5fe67584abd1b4aa88a1b848c9511b2d985f39
SHA256: fbb16557bd7fc1659246640df200e03c762e85ed32fc68f6e6a8a6a467d16b6f
SHA512: e04a8b7b4431aad2af5afe2d6a54a19ce6364334af8d1cbd4455721f4d78d2ecd5030abcb2d022bb7922d476d97ee1a0539be6cc73a296e5938430f433130de5
SSDEEP: 768:CXuMZmwgCLWarT3/RRuwUTFlXQPq0ZAUZNZ7IGS:CXFZmGWSTbuwUTFhUq0ZAUZNZ7fS
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe

Modifies Internet Explorer settings
Processes:
  description  ioc                                                                                                                                      process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
  pid   process
  4788  AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
  pid   process
  4788  AcroRd32.exe
  4788  AcroRd32.exe
  4788  AcroRd32.exe
  4788  AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
  description                       pid   process       target process
  PID 4788 wrote to memory of 2676  4788  AcroRd32.exe  RdrCEF.exe
  PID 2676 wrote to memory of 5004  2676  RdrCEF.exe    RdrCEF.exe
  PID 2676 wrote to memory of 3232  2676  RdrCEF.exe    RdrCEF.exe
The 64 recorded entries are repeats of these three writer/target pairs: AcroRd32.exe (4788) writing into RdrCEF.exe (2676), and RdrCEF.exe (2676) writing into the RdrCEF.exe processes 5004 and 3232.
Processes

[depth 1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4d2810c5a64fd62fedd74185da78563_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1250F95467848E3E85798BF6D1CAD05E --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C03FDFFAC996A7A20B9C09457E81B6AA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C03FDFFAC996A7A20B9C09457E81B6AA --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=126B19094506CD495201A8A452D1E7D2 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0A1DFE6325722CF1D2BAE3D1CE59D7F --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=16EDC49FFD2166F946C46B8FF5B27635 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=16EDC49FFD2166F946C46B8FF5B27635 --renderer-client-id=6 --mojo-platform-channel-handle=2108 --allow-no-sandbox-job /prefetch:1

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09920D9F2209C0C3117CD2C5CC060DBC --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5:      5fe4e2f37c747bdf5cc1dae30f591e71
  SHA1:     0fe905bf41724b192ab41414ed6f508a603fc6d5
  SHA256:   38f11b33dbd8e9b9477148223208b9fea566460f2a2b1f9e3cad427a788849f6
  SHA512:   24047c82b77ca7516cd6251dea6530a8707089db200e1c7a70c768d9b04fa031d5d9f05e08be5e5ba6047b2a40f554be940e2d31e4133804bc5f3100159e8200