Analysis
max time kernel: 51s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14-06-2024 08:34
Behavioral task: behavioral1
Sample: a8c22aef107741d1671d5aec3dbe857d_JaffaCakes118.pdf
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a8c22aef107741d1671d5aec3dbe857d_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: a8c22aef107741d1671d5aec3dbe857d_JaffaCakes118.pdf
Size: 52KB
MD5: a8c22aef107741d1671d5aec3dbe857d
SHA1: 542422738a6ff4a4a973e271d31e0c92e593b072
SHA256: c07cb5b22d2fe02c584c68bdc9b1044f8fa3e1be0c5fa21b54b9d1df4baf36f0
SHA512: fb1d4c3515718fd0a246c139f4d11aa069d53d648ab91457aa4d5f0fcb3e9b6bdb7b6bbc677ec8f3cc69cfc82420d6f940f7fdc96438d6d7d62143aa815aeff2
SSDEEP: 1536:dGFd4jQABL7EsYJt9f3x8+5/Zt77MilPVrNr9:gFd4jQA9EL/f3x8yRt77M4rr
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
Modifies Internet Explorer settings
Processes:
  description  ioc                                                                                                                                              process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes:
  pid   process
  4540  AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
  pid   process
  4540  AcroRd32.exe
  4540  AcroRd32.exe
  4540  AcroRd32.exe
  4540  AcroRd32.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (64 writes, distributed over the following source/target pairs):
  description                       pid   process       target process
  PID 4540 wrote to memory of 1608  4540  AcroRd32.exe  RdrCEF.exe
  PID 1608 wrote to memory of 3880  1608  RdrCEF.exe    RdrCEF.exe
  PID 1608 wrote to memory of 3920  1608  RdrCEF.exe    RdrCEF.exe
Processes
AcroRd32.exe (PID 4540)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a8c22aef107741d1671d5aec3dbe857d_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  RdrCEF.exe (PID 1608)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    RdrCEF.exe (PID 3880)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=90E042C90522311F5BE6F99F33674639 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID 3920)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ADA2D263B156EC0713842540AAC32B76 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ADA2D263B156EC0713842540AAC32B76 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe (PID 780)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4CC08B7E591BA787C2CFA2AB1BE4FC2 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID 232)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8BDC6320A6D5CAA4D44BA5BF00426164 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID 1072)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=941E7A7D09B9870A2362CDD74E07A267 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=941E7A7D09B9870A2362CDD74E07A267 --renderer-client-id=6 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe (PID 4200)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=43E2CFA8594715D8FF7AE8D409442D14 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

CompPkgSrv.exe (PID 3356)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 9574a36b86973df576d3a1402e98a9d9
SHA1: ac2bb70fb0b6180274c7c496b83454ba8dadc2f5
SHA256: aa5fc8c2c4e55d7ff30f33acde5ed1e3e1a7b4f4379e360722ee5388e163bceb
SHA512: 3a352659fe538806035e5958de8308eb92a2e9d9310b0c2f186b86215ee04588713d7bf25521baf36f2308e97f4229c570cf0ed7d894b25ede0be78c68501581