Analysis
- max time kernel: 79s
- max time network: 104s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-06-2024 07:34
Behavioral task behavioral1
- Sample: a88b22b86aadb322474560d7d3d69389_JaffaCakes118.pdf
- Resource: win7-20240611-en
Behavioral task behavioral2
- Sample: a88b22b86aadb322474560d7d3d69389_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: a88b22b86aadb322474560d7d3d69389_JaffaCakes118.pdf
- Size: 53KB
- MD5: a88b22b86aadb322474560d7d3d69389
- SHA1: ac7e6d7464073e962c2240b9b79ce196f12727c6
- SHA256: 1c22c3ea4683d036e928c97693780a4190825ba380ed58de0d26440cf6249b84
- SHA512: 306c9b05b52c8f39cb243032b2dccecdecbbd03d9630e5e5349991904221dc67edd2bf15347e97ddb68b59b3a7ee5f9128845dc2f700fa2d8bcd1b06dfba0638
- SSDEEP: 1536:CGFmgE2tt3dUF6Ghjeu2F470aFVE2uUsDfA7:7FmgE2bRse7TaFVE2uUsDU
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description       | ioc                                                                   | process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0      | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Modifies Internet Explorer settings
Processes: AcroRd32.exe
description | ioc                                                                                                                                          | process
Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes: AcroRd32.exe
pid  | process
4780 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: AcroRd32.exe
pid  | process
4780 | AcroRd32.exe
4780 | AcroRd32.exe
4780 | AcroRd32.exe
4780 | AcroRd32.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
Processes
[1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4780)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a88b22b86aadb322474560d7d3d69389_JaffaCakes118.pdf"
    Signatures:
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2940)
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        Signatures:
        - Suspicious use of WriteProcessMemory
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3188)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65E2881421FEFF4212504BE7619C59D0 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2340)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BBCCEAF5B26034028FE220DBDEC91B8F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BBCCEAF5B26034028FE220DBDEC91B8F --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1200)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91FCAB200C15A8B6E44E216B30F4656B --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1060)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1A76554031A33EAE96C098CE3B5E0CEE --mojo-platform-channel-handle=1848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1164)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D4B13D71FE1DDE5A4C136AA14673A32A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D4B13D71FE1DDE5A4C136AA14673A32A --renderer-client-id=6 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:1
        [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2740)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0751B4772197A1BA07F66C4D5E80B714 --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
[1] C:\Windows\System32\CompPkgSrv.exe (PID 640)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
- MD5: bf05b2de4afd3801c4f0350ce443df2e
- SHA1: 4049d33dbbb0bd2198d0edcc2daf79b7c63a5889
- SHA256: 22146518c146f8158d71d8df56d0bf875d43aa636e875cb0c8237164e6656f56
- SHA512: f48e922479b14bef201665f664d280bc17b57c26ed77fa26f6105fe4a829adb4edf5257512e9548ffdf7a4a50aa89b225db9f735f4e4f9e30042ca450dd4a390