Analysis
max time kernel: 51s
max time network: 57s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 09:31
Behavioral task: behavioral1
Sample: a4dc0b4b1466c0b58f793f6c5db28af3_JaffaCakes118.pdf
Resource: win7-20240611-en
Behavioral task: behavioral2 (the run shown on this page; its resource matches the Analysis header above)
Sample: a4dc0b4b1466c0b58f793f6c5db28af3_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: a4dc0b4b1466c0b58f793f6c5db28af3_JaffaCakes118.pdf
Size: 98KB
MD5: a4dc0b4b1466c0b58f793f6c5db28af3
SHA1: ce3d28f8877aab8360efb9b3885ea288018d6974
SHA256: 57cc9cad33cae1a8770d9365ae8ace3f0edeb5c850bd406ff5567ead329e0e0f
SHA512: 7d7a685578ee24a3e5424ae67ebc46c14e94994944295420d8bace0c0ecf22b0a941c2cf9b5c9e69075e6003c8ec528ff1e686e7943688ad9c77b62b1c00867f
SSDEEP: 1536:gGFOpXOg2Fvsh/dZqzF0VaGX91aqgMOkLRa7Q7XlwNWgNjzQtCFBxsQGwwsb00Vk:tFOp+v/qkGX91EzdSqZjgQG7XBfFUkT
Malware Config (no configuration extracted; the section is empty in this report)
Signatures
-
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Here the reads are made by AcroRd32.exe itself, which queries these keys during ordinary start-up; on its own this signature does not show evasion logic in the PDF.
Processes: AcroRd32.exe
  description        | ioc                                                                   | process
  Key opened         | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0      | AcroRd32.exe
  Key value queried  | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Modifies Internet Explorer settings (1 IoCs; the signature name is taken from the process tree below, where it is listed against AcroRd32.exe)
Processes: AcroRd32.exe
  description  | ioc                                                                                                                                    | process
  Key created  | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: AcroRd32.exe
  pid   | process
  2520  | AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: AcroRd32.exe
  pid   | process
  2520  | AcroRd32.exe (listed four times, one row per hook installation)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
  description                       | pid   | process       | target process
  PID 2520 wrote to memory of 4704  | 2520  | AcroRd32.exe  | RdrCEF.exe   (3 rows)
  PID 4704 wrote to memory of 5072  | 4704  | RdrCEF.exe    | RdrCEF.exe   (repeated)
  PID 4704 wrote to memory of 4244  | 4704  | RdrCEF.exe    | RdrCEF.exe   (repeated)
The 64 rows are repeats of these three relationships. Every write stays inside Reader's own process tree: AcroRd32.exe writes into the RdrCEF.exe helper it launches, and that helper writes into its own RdrCEF.exe children. No write targets a process outside Adobe Reader.
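As an added triage aid (example code written for this page, not part of the report or of any Adobe component): a Python script that parses rows in the flattened "PID X wrote to memory of Y X source.exe target.exe" format used by the WriteProcessMemory signature, collapses repeats into per-pair counts, and flags writes whose source/target image pair falls outside Reader's own launch pattern. The sample rows are constructed; the expected-pair baseline and the explorer.exe row are assumptions for illustration and do not appear in the report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample rows in the report's flattened format. The first five
# mirror relationships seen in the report; the explorer.exe row is a
# hypothetical addition to show what an out-of-pattern write looks like.
SAMPLE_ROWS = (
    "PID 2520 wrote to memory of 4704 2520 AcroRd32.exe RdrCEF.exe "
    "PID 2520 wrote to memory of 4704 2520 AcroRd32.exe RdrCEF.exe "
    "PID 4704 wrote to memory of 5072 4704 RdrCEF.exe RdrCEF.exe "
    "PID 4704 wrote to memory of 5072 4704 RdrCEF.exe RdrCEF.exe "
    "PID 4704 wrote to memory of 4244 4704 RdrCEF.exe RdrCEF.exe "
    "PID 2520 wrote to memory of 1337 2520 AcroRd32.exe explorer.exe"
)

# One row = description ("PID <src> wrote to memory of <dst>"), then the
# source pid again, the source image and the target image.
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")

# Image pairs Acrobat Reader produces when it launches its CEF helpers
# (AcroRd32.exe -> RdrCEF.exe broker -> RdrCEF.exe gpu/renderer children).
# Assumed baseline for this example; extend it from your own clean runs.
EXPECTED_PAIRS = {
    ("AcroRd32.exe", "RdrCEF.exe"),
    ("RdrCEF.exe", "RdrCEF.exe"),
}


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_rows(text: str) -> list[MemWrite]:
    """Extract every well-formed row; skip rows whose two source pids disagree."""
    writes = []
    for m in ROW_RE.finditer(text):
        src, dst, pid, src_img, dst_img = m.groups()
        if src != pid:
            continue  # malformed row, do not trust it
        writes.append(MemWrite(int(src), int(dst), src_img, dst_img))
    return writes


def summarize(writes: list[MemWrite]) -> Counter:
    """Collapse repeated rows into per-(source, target) counts."""
    return Counter((w.src_pid, w.src_image, w.dst_pid, w.dst_image) for w in writes)


def anomalous(writes: list[MemWrite]) -> list[MemWrite]:
    """Writes whose image pair is not on the expected launch-pattern baseline."""
    return [w for w in writes if (w.src_image, w.dst_image) not in EXPECTED_PAIRS]


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_ROWS)
    for (spid, simg, dpid, dimg), n in summarize(parsed).items():
        print(f"{simg} ({spid}) -> {dimg} ({dpid}): {n} write(s)")
    for w in anomalous(parsed):
        print(f"OUT OF PATTERN: {w.src_image} ({w.src_pid}) -> {w.dst_image} ({w.dst_pid})")
```

Run against the real 64 rows, the summary collapses to the three relationships listed in the signature and `anomalous()` returns nothing; a write from AcroRd32.exe or RdrCEF.exe into any image that is not on the baseline is what would turn this signature from noise into a lead.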
Processes (indentation shows parent/child depth; the trailing digit before each ⤵ in the raw export was this depth marker, not part of the command line)
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4dc0b4b1466c0b58f793f6c5db28af3_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7BCE535986AB28B69A70901A55E95F13 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6BB01B45102C39F44528DD066BE4E469 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6BB01B45102C39F44528DD066BE4E469 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F3802AC6D5E118B4897E9FFB99659E7F --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CA5E2EAE743A5630CB14CCA085F8A264 --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D80BE9E5D9F43D65340320DF16C75D34 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E966530DB0851CA25FF82B2A15C47739 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E966530DB0851CA25FF82B2A15C47739 --renderer-client-id=7 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe (top-level; not a child of Reader)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
The tree is Reader's standard layout: AcroRd32.exe starts one RdrCEF.exe broker, which in turn starts --type=gpu-process and --type=renderer helpers. Nothing outside the Adobe install directory is launched by the sample.
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize: 64KB
MD5: 8fc0647d54b603ec1f5042847e354b38
SHA1: 35a2ea4cb809dac312d699a05ea9d8d2bb5e29d2
SHA256: 0b3e9a006bd8d24f4f4fb59a2c614548b74aa647a66863743814aebe81c4e4b8
SHA512: 9f90aa2644efc4a957704b6417530d75d1ded08553e6512b9767959f01bb814295eabe8d56ede21404249be1272646fa84d62ab5e30f0875f8074c9767e94341