Analysis

max time kernel: 147s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 06:14
Behavioral task: behavioral1
  Sample: ad219288cff550bca19e1e73f3dc8da7_JaffaCakes118.pdf
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: ad219288cff550bca19e1e73f3dc8da7_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: ad219288cff550bca19e1e73f3dc8da7_JaffaCakes118.pdf
Size: 31KB
MD5: ad219288cff550bca19e1e73f3dc8da7
SHA1: bf3d1ddf29122d4165b56cafec59cfea4869e2d0
SHA256: 82d74f440f6d965882bd91709147c534da9a16aea2e69ee0f4c788eb38fdfa92
SHA512: a92c7e4c09be31050316684923577a1976d4949c3e6a2737999170d4e9ec9a8f09916f55a953cc39b61bdd82882ba33c7179e21985fcab38b965939dd9bf6128
SSDEEP: 768:17DFpjo7Io1Xp94R7MBktls1TJkEqVXTOrOTy/RlNlX/GCDe8XvE56XuMZmwgCLR:5H1YXoR7MBktls1TJkEqVXTWOTy/RlN9
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Here the reader is AcroRd32.exe itself, and ordinary applications query this key routinely, so on its own this heuristic is low severity and is not evidence of evasion.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings
FEATURE_BROWSER_EMULATION is the documented per-application feature-control key that selects the document mode of an embedded WebBrowser control; creating it is application configuration, not a persistence mechanism.

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
3920 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
pid | Process
3920 | AcroRd32.exe (4 identical entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3920 wrote to memory of 2448 | 3920 | AcroRd32.exe | 85
PID 2448 wrote to memory of 3916 | 2448 | RdrCEF.exe | 86
PID 2448 wrote to memory of 2100 | 2448 | RdrCEF.exe | 87

The 64 entries are repeats of these three rows (the first row appears three times; the remaining 61 are split between the two RdrCEF.exe rows). Each write goes from a process to a child it has just launched (see the process tree below: AcroRd32.exe starts RdrCEF.exe, which starts its gpu-process and renderer helpers). That is the pattern a Chromium-based host normally produces while bootstrapping child processes, so this signature by itself is not evidence of injection into a foreign process.
Processes

Depth 1: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3920)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ad219288cff550bca19e1e73f3dc8da7_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  Depth 2: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2448)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3916)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=735A73C01B4BAFF59B398448781E8AFB --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2100)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=77FB7BDF0A9507C5D0FAE43AF63AEFB6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=77FB7BDF0A9507C5D0FAE43AF63AEFB6 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1540)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=93720BCB872FFDF5EA475CA55BBBA337 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4728)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=772702F4B6330376E3B7A3F17FB6E8F6 --mojo-platform-channel-handle=1904 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4792)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=57C5BBBE3D20FB67BD213ACCD3920B8B --mojo-platform-channel-handle=2480 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    Depth 3: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4488)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E4A0118A4EC6847741ED575E501567FE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E4A0118A4EC6847741ED575E501567FE --renderer-client-id=7 --mojo-platform-channel-handle=2524 --allow-no-sandbox-job /prefetch:1
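The WriteProcessMemory signature above lists 64 near-identical rows, and the process tree is what tells you whether each write is a parent bootstrapping a child it just spawned or a write into a foreign process. The script below is an added triage helper, not part of the sandbox report or of any Adobe tooling: it collapses the flattened rows into distinct (source, target) pairs, cross-checks each pair against the parent relationships in the tree, and parses the Chromium-style switches of the target to record its --type and whether it carries --allow-no-sandbox-job. The row format it parses is the report's own column order as printed above; the process tree is copied from the report with the long CEF switch lists trimmed to the switches the script inspects; and the final row (target PID 9999) is a constructed negative case that does not appear in the report.

```python
"""Triage helper for the WriteProcessMemory signature and process tree above.

Collapses repeated IoC rows into distinct (source, target) pairs and checks each
pair against the process tree: a write into a child the source itself launched
is the pattern a Chromium-based host (RdrCEF.exe) normally produces when setting
up gpu/renderer helpers; a write into any other process is worth a closer look.
"""
import re
from collections import Counter

# Constructed excerpt of the report's flattened rows. Column order as printed:
#   PID <src> wrote to memory of <dst> <src> <image> <procid_target>
# The final row (target 9999) does NOT appear in the report; it is a constructed
# negative case so the parent/child check has something to flag.
WPM_ROWS = """\
PID 3920 wrote to memory of 2448 3920 AcroRd32.exe 85
PID 3920 wrote to memory of 2448 3920 AcroRd32.exe 85
PID 3920 wrote to memory of 2448 3920 AcroRd32.exe 85
PID 2448 wrote to memory of 3916 2448 RdrCEF.exe 86
PID 2448 wrote to memory of 3916 2448 RdrCEF.exe 86
PID 2448 wrote to memory of 2100 2448 RdrCEF.exe 87
PID 2448 wrote to memory of 9999 2448 RdrCEF.exe 88
"""

# Process tree from the report: pid -> (parent pid, image, command-line switches).
# The long CEF switch lists are trimmed to the switches this script inspects.
PROCESS_TREE = {
    3920: (None, "AcroRd32.exe",
           '"C:\\Users\\Admin\\AppData\\Local\\Temp\\ad219288cff550bca19e1e73f3dc8da7_JaffaCakes118.pdf"'),
    2448: (3920, "RdrCEF.exe", "--backgroundcolor=16514043"),
    3916: (2448, "RdrCEF.exe",
           '--type=gpu-process --use-gl=swiftshader-webgl --allow-no-sandbox-job '
           '--ignored=" --type=renderer " /prefetch:2'),
    2100: (2448, "RdrCEF.exe",
           "--type=renderer --renderer-client-id=2 --allow-no-sandbox-job /prefetch:1"),
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
# Chromium-style switch: --name or --name=value, where value may be a quoted string.
SWITCH_RE = re.compile(r'--([\w-]+)(?:=("[^"]*"|\S+))?')


def collapse_wpm(rows: str) -> Counter:
    """Count identical rows, keyed by (src_pid, dst_pid, src_image, procid_target)."""
    counts: Counter = Counter()
    for src, dst, image, target in ROW_RE.findall(rows):
        counts[(int(src), int(dst), image, int(target))] += 1
    return counts


def switches(cmdline: str) -> dict:
    """Parse --key[=value] switches. A quoted value such as
    --ignored=" --type=renderer " is consumed whole, so the switch it contains
    is not mistaken for a real one."""
    return {key: value.strip('"') for key, value in SWITCH_RE.findall(cmdline)}


def process_type(cmdline: str) -> str:
    """Chromium child processes carry --type=...; the main (browser) process has none."""
    return switches(cmdline).get("type") or "browser"


def classify_writes(counts: Counter, tree: dict) -> list:
    """Label each collapsed write as parent->child or cross-process, and note
    whether the target was started with --allow-no-sandbox-job."""
    findings = []
    for (src, dst, image, target), n in sorted(counts.items()):
        known = dst in tree
        parent, _dst_image, dst_cmd = tree.get(dst, (None, "<unknown>", ""))
        findings.append({
            "src": src, "dst": dst, "image": image, "procid_target": target,
            "count": n,
            "parent_child": parent == src,
            "dst_type": process_type(dst_cmd) if known else "<unknown>",
            "dst_no_sandbox_job": "allow-no-sandbox-job" in switches(dst_cmd),
        })
    return findings


def triage(rows: str = WPM_ROWS, tree: dict = PROCESS_TREE) -> list:
    """Run the whole pipeline on the embedded sample data."""
    return classify_writes(collapse_wpm(rows), tree)


if __name__ == "__main__":
    for f in triage():
        mark = "ok " if f["parent_child"] else "?? "
        print(f"{mark}{f['src']} -> {f['dst']} ({f['image']}) x{f['count']} "
              f"target={f['dst_type']} no_sandbox_job={f['dst_no_sandbox_job']}")
```

Run stand-alone, the three real pairs print as parent-to-child writes into the CEF browser, gpu-process and renderer processes, while the constructed 2448 -> 9999 row is marked for follow-up because 9999 has no parent in the tree. The same collapse step is what turns the 64 rows of the signature into the three distinct rows shown above.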
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: 0a8fb4a2b06bd63507ac0a3d7554dea9
SHA1: e8c9b87f9036088d30b5ed1262123824bf7b1006
SHA256: 089e850ac3365c4b720f2af3b1b8ade26e0fd40bef3d60447fbd59ee3052df80
SHA512: 52ca2b7080d54e77e8398c87fc9d6157837010a432cd71793e76a1eb7c2ed1a03d46736b22ac815e5361b637727908b29b086f71aa00d9b4e61e82a8bccb088a