Analysis

max time kernel: 147s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-06-2024 07:56
Behavioral task behavioral1: sample a89f621640f1f6e97d8d90d3f8e638f7_JaffaCakes118.pdf, resource win7-20240611-en
Behavioral task behavioral2: sample a89f621640f1f6e97d8d90d3f8e638f7_JaffaCakes118.pdf, resource win10v2004-20240508-en (the signatures and process tree below come from this task, per the platform and resource fields above)
General

Target: a89f621640f1f6e97d8d90d3f8e638f7_JaffaCakes118.pdf
Size: 38KB
MD5: a89f621640f1f6e97d8d90d3f8e638f7
SHA1: 23fe6885b4102689324435378a295181337ee2dc
SHA256: f487637863e5530f07ed1faf02b1e5bf03ff2799d562c863e8e3ec35333ac99f
SHA512: 4440f0f2956e7f473a6c9868c461b3a354ee0de442b9025af015b47d58f05436bb887c963568e7be86ffd725b0d2f08c3aa03d76c9b4dcf51087cd15b89a9863
SSDEEP: 768:BgGzpD5Kuggnv1Bfnr3NQu847UFG8WIeJeHDXb+Pt0xUkOyULTWsyQGgHI9:yGF9TcpIejX8t02ZLTly7f9
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
description          ioc                                                                      process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0         AcroRd32.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    AcroRd32.exe
Modifies Internet Explorer settings
Processes:
description    ioc                                                                                                                                    process
Key created    \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION    AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes:
pid     process
3596    AcroRd32.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
pid     process
3596    AcroRd32.exe (4 identical rows)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
writer PID    writer process    target PID    target process    rows
3596          AcroRd32.exe      1928          RdrCEF.exe        3
1928          RdrCEF.exe        4540          RdrCEF.exe        repeated
1928          RdrCEF.exe        3916          RdrCEF.exe        repeated
The 64 rows are repeats of these three edges (3 rows for 3596 -> 1928, the remaining 61 split between 1928 -> 4540 and 1928 -> 3916). Every write targets a direct child of the writer: 1928 is the RdrCEF.exe process started by AcroRd32.exe, and 4540 and 3916 are its gpu-process and renderer children in the process tree below. No write into a process outside the Reader tree is recorded.
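The WriteProcessMemory signature fires on every parent-to-child memory write, so the useful triage question is whether each write lands in a process the writer itself spawned (the normal footprint of CreateProcess for Chromium-style child processes such as RdrCEF.exe) or in an unrelated process, which is what injection looks like. The script below is an added example, not part of the Triage report: it parses rows in the report's "PID <writer> wrote to memory of <target> ..." format, collapses the repeats into edges, and flags any write whose target is not a direct child of the writer according to the process tree. The IoC rows embedded in it are a constructed subset of the report's 64 rows, the parent map is read off the tree's indentation, and the CompPkgSrv.exe row is hypothetical (not in the report) to show the check catching a cross-process write.

```python
"""Classify sandbox WriteProcessMemory IoCs as child-spawn writes or foreign writes."""
import re
from collections import Counter

# One IoC row as printed in the report:
#   "PID <writer> wrote to memory of <target> <writer> <writer image> <target image>"
IOC_ROW = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) \d+ "
    r"(?P<writer_img>\S+) (?P<target_img>\S+)"
)

# Constructed subset of the report's 64 rows, in the report's own text format.
IOC_TEXT = (
    "PID 3596 wrote to memory of 1928 3596 AcroRd32.exe RdrCEF.exe "
    "PID 3596 wrote to memory of 1928 3596 AcroRd32.exe RdrCEF.exe "
    "PID 3596 wrote to memory of 1928 3596 AcroRd32.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 4540 1928 RdrCEF.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 4540 1928 RdrCEF.exe RdrCEF.exe "
    "PID 1928 wrote to memory of 3916 1928 RdrCEF.exe RdrCEF.exe "
)

# Hypothetical row, NOT in the report: a write into CompPkgSrv.exe (PID 2848),
# which sits at depth 1 in the tree and is not a child of any Reader process.
INJECTION_ROW = "PID 1928 wrote to memory of 2848 1928 RdrCEF.exe CompPkgSrv.exe"

# child PID -> parent PID, read off the report's process tree indentation.
PARENT = {
    1928: 3596,                          # RdrCEF.exe broker under AcroRd32.exe
    4540: 1928, 3916: 1928, 4796: 1928,  # RdrCEF.exe gpu-process / renderer workers
    3716: 1928, 4460: 1928, 3956: 1928,
}


def parse_iocs(text):
    """Return one dict per IoC row, in report order."""
    return [m.groupdict() for m in IOC_ROW.finditer(text)]


def summarise_edges(rows):
    """Collapse repeated rows into (writer PID, target PID) -> row count."""
    return Counter((int(r["writer"]), int(r["target"])) for r in rows)


def foreign_writes(rows, parent):
    """Rows where the writer is not the target's parent.

    A parent writing into a process it just created is expected for CreateProcess
    spawning Chromium-style children; any other writer/target pair is the shape
    of process injection and deserves a closer look.
    """
    return [r for r in rows if parent.get(int(r["target"])) != int(r["writer"])]


if __name__ == "__main__":
    rows = parse_iocs(IOC_TEXT)
    for (writer, target), n in summarise_edges(rows).items():
        print(f"{writer} -> {target}: {n} row(s)")
    print("foreign writes in report subset:", foreign_writes(rows, PARENT))
    print("foreign writes with hypothetical row:",
          foreign_writes(parse_iocs(INJECTION_ROW), PARENT))
```

Run against the full 64-row table from the report, the parent map yields no foreign writes; the check is only as good as the parent map, so take that map from the sandbox's process tree rather than from the IoC rows themselves.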
Processes

AcroRd32.exe (PID 3596, depth 1)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a89f621640f1f6e97d8d90d3f8e638f7_JaffaCakes118.pdf"
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
RdrCEF.exe (PID 1928, depth 2, child of AcroRd32.exe PID 3596)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
- Suspicious use of WriteProcessMemory
RdrCEF.exe (PID 4540, depth 3, gpu-process child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6ECA6571316F5E04CC21E2C774BDCDFF --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
RdrCEF.exe (PID 3916, depth 3, renderer child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0BDA291269A232B575C1EF14F423086B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0BDA291269A232B575C1EF14F423086B --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
RdrCEF.exe (PID 4796, depth 3, gpu-process child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=169E30EB2A123A04E5B4997EBE286DDF --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
RdrCEF.exe (PID 3716, depth 3, gpu-process child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09002FC2AB9C262C2E0C8E6A950B5924 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
RdrCEF.exe (PID 4460, depth 3, renderer child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8C6A1E8565C021735054F7E5DFBF7C8E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8C6A1E8565C021735054F7E5DFBF7C8E --renderer-client-id=6 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job /prefetch:1
RdrCEF.exe (PID 3956, depth 3, gpu-process child of RdrCEF.exe PID 1928)
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=362EAEE9622E96F78B2E3A389FA59B19 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
CompPkgSrv.exe (PID 2848, depth 1, separate root, not a child of the Reader tree)
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: 2c04b71900b5e9541d06ec9bd3354cd4
SHA1: 6f06728ad2f7d9bb23f8ed95407ed5b1d3ff5f23
SHA256: 719ed3a4b2185b3afbd93e766105bb7f5089a7a9a5f1d18e2c1227c48bfafda4
SHA512: f8f95cd29984fbefdfc9feb74f5c2b58b8cc8af303c835ad8bf88d2b08b30a97372fcbfece0fb17c41618f52298443f769eae4ade227cc852cb89ba5813ded34