Analysis
- max time kernel: 51s
- max time network: 55s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 09:25
Behavioral task behavioral1
- Sample: a4d6a2491d90a87470a3d59bd1742e18_JaffaCakes118.pdf
- Resource: win7-20240508-en
Behavioral task behavioral2
- Sample: a4d6a2491d90a87470a3d59bd1742e18_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: a4d6a2491d90a87470a3d59bd1742e18_JaffaCakes118.pdf
- Size: 36KB
- MD5: a4d6a2491d90a87470a3d59bd1742e18
- SHA1: b5186477f188ff2f4bd5c131ded5db9b2c5cb067
- SHA256: 2455e2b352cc7b8840a8fbb5e769c34826cc1d5400218b264f65d8cdd79bf45a
- SHA512: 4dca6337951ead8b0525a01c8f63a86f63775877cab73e45671fe78bf25726b1db700408f651a74e26829ca1d0499b858bf16130b67bcad9001d73fee9cc25f7
- SSDEEP: 768:IgGzpDSpcLZSTO3pd9w/F0ibsOeoeGBR0RWJufP8zROeBz2dU9/RQi:FGFmpBds4tsRWJuXGzBydUgi
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments. In this run both reads are attributed to AcroRd32.exe, the Reader process that opened the sample, so the signature on its own does not separate Reader's normal start-up from anything the document triggered.
  Processes:
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe
- Modifies Internet Explorer settings (1 IoCs)
  Processes:
    Key created        \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
    PID 1968  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes:
    PID 1968  AcroRd32.exe  (4 rows recorded for the same process)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (identical rows collapsed; source -> target):
    PID 1968 AcroRd32.exe -> PID 1928 RdrCEF.exe   (3 rows)
    PID 1928 RdrCEF.exe   -> PID 3856 RdrCEF.exe   (remaining 61 rows, all from PID 1928 into its
    PID 1928 RdrCEF.exe   -> PID 3092 RdrCEF.exe    two RdrCEF.exe children)
  Every write stays inside the AcroRd32.exe / RdrCEF.exe process family; no write into a process outside Reader is recorded.
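Added example, not part of this sandbox report or of any Adobe or sandbox-vendor tooling: a small Python triage helper that takes IoC rows in the flattened shape shown above ("PID ... wrote to memory of ..." and "Key opened/created/value queried ..."), collapses repeated rows into per-edge counts, and flags anything outside an assumed clean-Reader baseline. READER_FAMILY and EXPECTED_REG are assumptions made for this example (a baseline you would build from clean runs of the same Reader build, not a vendor-published list); the powershell.exe write and the ...\CurrentVersion\Run key in the sample data are constructed to exercise the flagging path and do not appear in this report, while the other sample rows are copied from it.

```python
"""Added example (not part of the sandbox report or of Adobe/Triage tooling).

Collapses flattened IoC rows from a sandbox report's Signatures section into
per-edge counts and flags anything that leaves an assumed Adobe Reader baseline.
"""
import re
from collections import Counter

# Constructed sample rows in the flattened shape the report uses. The first four
# WPM rows and first three registry rows are copied from the report; the last
# row of each block is constructed here to exercise the 'review' path.
SAMPLE_WPM = (
    "PID 1968 wrote to memory of 1928 1968 AcroRd32.exe RdrCEF.exe "
    "PID 1968 wrote to memory of 1928 1968 AcroRd32.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 3856 1928 RdrCEF.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 3092 1928 RdrCEF.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 4100 1928 RdrCEF.exe powershell.exe"  # constructed
)
SAMPLE_REG = (
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe "
    r"Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe "
    r"Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AcroRd32.exe"  # constructed
)

# Row shape: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
# Row shape: "Key <action> <key path, may contain spaces> <process>.exe"
REG_RE = re.compile(r"Key (opened|created|value queried) (\\REGISTRY\\.+?) (\S+\.exe)(?= Key |$)")

# Assumed baseline for a clean Adobe Reader DC run (an assumption for this
# example, not a vendor-published list): images that may legitimately write
# into each other, and registry paths Reader touched at start-up in this report.
READER_FAMILY = {"AcroRd32.exe", "RdrCEF.exe"}
EXPECTED_REG = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
    r"\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION",
)


def parse_wpm(text):
    """Return (src_pid, dst_pid, src_image, dst_image) tuples, one per IoC row."""
    return [(int(s), int(d), si, di) for s, d, _, si, di in WPM_RE.findall(text)]


def summarise_wpm(rows):
    """Collapse repeated rows into counts keyed (src_image, src_pid, dst_image, dst_pid)."""
    return Counter((si, s, di, d) for s, d, si, di in rows)


def suspicious_writes(rows, family=READER_FAMILY):
    """Writes where either side is outside the reader family deserve a second look."""
    return [r for r in rows if r[2] not in family or r[3] not in family]


def parse_reg(text):
    """Return (action, key_path, process) tuples, one per registry IoC row."""
    return REG_RE.findall(text)


def classify_reg(entries, family=READER_FAMILY, expected=EXPECTED_REG):
    """Label each key 'expected' if a reader process touched a baseline path, else 'review'."""
    labels = {}
    for _action, key, proc in entries:
        ok = proc in family and any(p in key for p in expected)
        labels[key] = "expected" if ok else "review"
    return labels


def triage(wpm_text, reg_text):
    """One-shot summary a reviewer can eyeball: edge counts plus anything flagged."""
    rows = parse_wpm(wpm_text)
    regs = parse_reg(reg_text)
    return {
        "wpm_edges": dict(summarise_wpm(rows)),
        "wpm_flagged": suspicious_writes(rows),
        "reg_labels": classify_reg(regs),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_WPM, SAMPLE_REG)
    for edge, n in sorted(result["wpm_edges"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}  {edge[0]} ({edge[1]}) -> {edge[2]} ({edge[3]})")
    print("flagged writes:", result["wpm_flagged"])
    for key, label in result["reg_labels"].items():
        print(f"{label:8s} {key}")
```

Run against the real rows from this report, the helper reports only edges between AcroRd32.exe and RdrCEF.exe processes and no flagged writes, which is consistent with the Chromium-style helper processes (--type=gpu-process, --type=renderer) visible in the process tree below; the constructed powershell.exe row and Run key show what a finding that warrants escalation would look like. The baseline is the weak point of this approach: it must come from clean runs of the same Reader build, and a match against it only says the behaviour is shared with a clean run, not that nothing else happened.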
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 1968)
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4d6a2491d90a87470a3d59bd1742e18_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1928)
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A61F52DBA3E78BA5C44BE9F053462E22 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0E5B3BFE5B51E2B440886B75D364AABB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0E5B3BFE5B51E2B440886B75D364AABB --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4957DC78FE652C2063777D5D32B81473 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B2D12B49477F892C86785062EACC202 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23D8A939B6A77144F81F3633CAD65BDB --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=227E40DBB177A5E65A51DEC33F8F7BCE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=227E40DBB177A5E65A51DEC33F8F7BCE --renderer-client-id=8 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: c78dbf673c575684c2a852feb2e15d79
  SHA1: 672f38ca956f8247a0b29ddc8599a817c26e3017
  SHA256: a1141da9a6d4f2d944d5bd1f9ad409ea12399c8b6b19139f86022492fcd34939
  SHA512: 2270e7ec08324e401369eb6368ba07f920a8b6e2df0430e2e1171bc795a64acebe8f16898a30e142bb272963f7425dd915d04f01015a3f606bf9e340bff9cb6c