Analysis

max time kernel: 51s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 09:32
Behavioral tasks

behavioral1: sample a4dd67631f52d05abbdabbf04c433210_JaffaCakes118.pdf, resource win7-20240611-en
behavioral2: sample a4dd67631f52d05abbdabbf04c433210_JaffaCakes118.pdf, resource win10v2004-20240508-en (the task shown on this page)
General

Target: a4dd67631f52d05abbdabbf04c433210_JaffaCakes118.pdf
Size: 61KB
MD5: a4dd67631f52d05abbdabbf04c433210
SHA1: 829cf9e113b53b55100dfaea1eac025ec4c99c40
SHA256: 4dfb149955d13c3ec2766456cd10ae17724ec3d976017cf6dca6e3f2a7ed2baa
SHA512: a392dd9f493e7e2537fb66cc3d814d5aad74f9ba83a438eadeb0c817b29a33687bb5c9ef0f9518d9849a802767f2fc55fd00e577e605bdd69bdef765b557d072
SSDEEP: 768:GPgGzpDyBVksi8UGXfsKs2Adx9cLh3X5GXB8fPL0F/c1f1I9YBYJ8Y++iOx8O4cg:nGFmxfj6YSYeLv/iHjIcq5gyhyf
Malware Config

No extracted configuration is listed for this sample.

Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Both reads below are made by AcroRd32.exe itself, and CentralProcessor\0\~MHz is also read by many legitimate desktop applications, so this is weak evidence on its own.

  Process      | Action            | IoC
  AcroRd32.exe | Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  AcroRd32.exe | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz

Modifies Internet Explorer settings (1 IoC)
FEATURE_BROWSER_EMULATION is the documented per-application key that selects the document mode of an embedded Internet Explorer WebBrowser control. A key created by AcroRd32.exe under the current user's hive is consistent with Reader configuring its own embedded browser, not with tampering with the user's browser.

  Process      | Action      | IoC
  AcroRd32.exe | Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Suspicious use of FindShellTrayWindow (1 IoC)

  PID  | Process
  2068 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)

  PID  | Process      | Count
  2068 | AcroRd32.exe | 4
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 writes go from a process into a process it spawned: AcroRd32.exe into the RdrCEF.exe broker, then that RdrCEF.exe into its own workers (the --type=gpu-process and --type=renderer children in the process tree below). That is how a Chromium-style multi-process host hands startup data to new children, and no write targets a process outside Reader's own tree, so this signature reflects Reader's normal startup rather than injection. Repeated rows are collapsed with a count.

  Source PID | Source process | Target PID | Target process | Count
  2068       | AcroRd32.exe   | 2804       | RdrCEF.exe     | 3
  2804       | RdrCEF.exe     | 1296       | RdrCEF.exe     | 40
  2804       | RdrCEF.exe     | 3088       | RdrCEF.exe     | 21
Processes

[depth 1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a4dd67631f52d05abbdabbf04c433210_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BD37E9B8041E2BB67C902E4407D72F43 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A5BF5F87DF38EB6CEADF6C60425F0CCB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A5BF5F87DF38EB6CEADF6C60425F0CCB --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4868185FB62CB93FEC3CB252B12DA703 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8863D856B8D87E3B0239D2BF4693D452 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DD8AB4B9B8E09C552B69E168BBDA234 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=107FF0AA7E4127707229A3FE38E4223A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=107FF0AA7E4127707229A3FE38E4223A --renderer-client-id=7 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job /prefetch:1

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Started through COM activation (the -Embedding switch) as a separate root process, not as a child of AcroRd32.exe.
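The WriteProcessMemory rows in this report are all writes from a process into a child it had just spawned, which is the expected shape for a Chromium-style host such as AcroRd32.exe and its RdrCEF.exe broker. The Python below is an added triage aid, not part of the sandbox report and not Adobe's code: it parses rows in the report's own "PID a wrote to memory of b a src.exe dst.exe" format and separates parent-to-child writes from writes into any process outside the observed tree. The parent map is reconstructed from the process tree above (2068 spawns 2804, 2804 spawns 1296 and 3088); the final sample row (PID 4444, explorer.exe) is constructed to show how a foreign write would surface and does not appear in the report.

```python
"""Separate parent-to-child WriteProcessMemory rows (normal for a multi-process
host bootstrapping its workers) from writes into unrelated processes (the
injection pattern worth chasing). Added example; not from the sandbox report."""
import re
from collections import Counter

# Rows in the report's format. The first three pairs are copied from the report
# (its 64 rows collapse to these source/target pairs); the last row is
# constructed as a counter-example and is NOT in the report.
SANDBOX_ROWS = """\
PID 2068 wrote to memory of 2804 2068 AcroRd32.exe RdrCEF.exe
PID 2804 wrote to memory of 1296 2804 RdrCEF.exe RdrCEF.exe
PID 2804 wrote to memory of 3088 2804 RdrCEF.exe RdrCEF.exe
PID 2804 wrote to memory of 4444 2804 RdrCEF.exe explorer.exe
"""

# child PID -> parent PID, reconstructed from the report's process tree.
# PID 4444 is hypothetical and deliberately has no entry here.
PARENT_OF = {2804: 2068, 1296: 2804, 3088: 2804}

ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) \d+ "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_rows(text):
    """Turn flattened report rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.search(line)
        if m:
            rows.append({
                "src": int(m["src"]), "dst": int(m["dst"]),
                "src_img": m["src_img"], "dst_img": m["dst_img"],
            })
    return rows


def classify(rows, parent_of):
    """Label each write.

    'parent_to_child': the writer is the recorded parent of the target, which is
    what a host does while bootstrapping a freshly created child.
    'foreign': any other target; inspect what was written and where.
    """
    result = {"parent_to_child": [], "foreign": []}
    for r in rows:
        kind = "parent_to_child" if parent_of.get(r["dst"]) == r["src"] else "foreign"
        result[kind].append(r)
    return result


def summarize(rows, parent_of):
    """Counts per (source image, target image, kind): the view for a triage note."""
    counts = Counter()
    for kind, items in classify(rows, parent_of).items():
        for r in items:
            counts[(r["src_img"], r["dst_img"], kind)] += 1
    return counts


if __name__ == "__main__":
    rows = parse_rows(SANDBOX_ROWS)
    for (src_img, dst_img, kind), n in sorted(summarize(rows, PARENT_OF).items()):
        print(f"{src_img:>14} -> {dst_img:<14} {kind:<16} {n}")
    foreign = classify(rows, PARENT_OF)["foreign"]
    print(f"{len(foreign)} write(s) outside the observed parent/child tree")
```

Run against the real 64 rows, every entry lands in the parent_to_child bucket; only the constructed explorer.exe row is reported as foreign. A parent map can be built the same way from the sandbox's process-creation events or from Sysmon event 1 ParentProcessId fields.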
Network

MITRE ATT&CK Matrix (ATT&CK v13)
Downloads

The only file recorded is written under Reader's own LocalLow profile directory.

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize: 64KB
MD5: b5496f6e52e7b447ab767f87e1956a75
SHA1: 5da2f4f4eaebe2dfd0c6aaa94bdec898a6a423a3
SHA256: 8918dad42496265e9cf31ef0d717c0eb268eb91dfb5d3993c97db1a0035e63ed
SHA512: aa3a837d8c46c5dcb717edae5e6a06d7958804800287a19050c8d04e29e0ca0ecbf1aadfbe2bb5dbca80d83ae81d90b5b7982a7544f6c7006d4e7d10bf98b3fe