Analysis

max time kernel: 141s
max time network: 53s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 05:35
Behavioral task behavioral1
  Sample: ad067929e0d4d18ae2aa954326630431_JaffaCakes118.pdf
  Resource: win7-20240220-en

Behavioral task behavioral2
  Sample: ad067929e0d4d18ae2aa954326630431_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: ad067929e0d4d18ae2aa954326630431_JaffaCakes118.pdf
Size: 42KB
MD5: ad067929e0d4d18ae2aa954326630431
SHA1: 0af4702dcf2b4ed6197f4bfc212289e1ec7008d8
SHA256: c0a69c507788f3307ab87be26e2e78ad870779312db432812345ea20a2e8a69a
SHA512: c4a3c8f1d7fcf3584a80a91b0904781965b6aa4102a358d6067ad3c3ab6929e07be57fa66ae7ed62b35dd4e58ef52aabdcdb3e50ea0d12b87cb77f6dca16a941
SSDEEP: 768:0uXuMZmwgCLWarSE5Hpu5929j+BognutdVrHom+N2nWw50jyiRLvnKOTRGULRwx7:0uXFZmGWSD85929j+BognutdVrR+snXB
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. In this run the only process reading the key is AcroRd32.exe, the reader itself, so the hit reflects Reader's own startup behaviour rather than a payload probing the sandbox; on its own it is a weak indicator and only becomes interesting if a process other than the reader turns up here.

  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe

Modifies Internet Explorer settings
(Signature name taken from the process tree below; the captured page lost this heading.) FEATURE_BROWSER_EMULATION is the per-application key that programs hosting the WebBrowser control use to pick the IE document mode for their own executable, so AcroRd32.exe creating it is consistent with Reader configuring its embedded browser, not with tampering with the user's browser.

  description  ioc                                                                                                                                             Process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe

Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  3776  AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid   Process
  3776  AcroRd32.exe  (4 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries are repeats of only three parent-to-child writes; the target image for each PID is taken from the process tree below. On Windows, process creation writes into the new child's address space from the parent, so any parent that spawns children trips this signature. AcroRd32.exe spawning its Chromium-based RdrCEF.exe helper, and RdrCEF.exe spawning its own gpu-process and renderer children, is how Reader starts, so these writes are expected here; the signature would matter if the target were a process that is not part of Reader.

  description               pid   Process       procid_target  target image (from process tree)
  wrote to memory of 868    3776  AcroRd32.exe  86             RdrCEF.exe --backgroundcolor=16514043 (PID 868); 3 entries
  wrote to memory of 1384   868   RdrCEF.exe    87             RdrCEF.exe --type=gpu-process (PID 1384); repeated
  wrote to memory of 644    868   RdrCEF.exe    88             RdrCEF.exe --type=renderer (PID 644); repeated
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe  (PID 3776)
  command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ad067929e0d4d18ae2aa954326630431_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 868)
    command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 1384, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=546E69AD3C4A05E36246DB8C90B40557 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 644, renderer)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0EE7F89FFD79F931B1527686AB1317F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0EE7F89FFD79F931B1527686AB1317F6 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 1148, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F1C782A87CF794037541664AF393A64 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 1932, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2F32B3118C43DEB4B5264514D0BC8796 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 4732, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E66D8A47C6D2112561574A2C986A4EA6 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 404, renderer)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DE17F7C17C298539B41FAAA178445C6E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DE17F7C17C298539B41FAAA178445C6E --renderer-client-id=7 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  (PID 1500)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: e6fbc4eeb5f09bca8b1641a0bd76b87c
SHA1: c910141c2e9bf6de753bda05a7727d1965ab9fc8
SHA256: 695332dea792585c3c53c1a9832ae3616e7a1fe0a425b341779472175bc5e628
SHA512: 39d8fd95b66a47cd84be4aa5e47d4052909a9d1982cab4474454ee4e18ab97add5cc12bbd423df4851845dbcd0c35b6a38bf83287595f2b6a2f1524112861be5