Analysis
-
max time kernel
52s -
max time network
54s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
15-06-2024 07:04
Behavioral task
behavioral1
Sample
ad4179ec20bd0566efe8747ca838f609_JaffaCakes118.pdf
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ad4179ec20bd0566efe8747ca838f609_JaffaCakes118.pdf
Resource
win10v2004-20240508-en
General
-
Target
ad4179ec20bd0566efe8747ca838f609_JaffaCakes118.pdf
-
Size
17KB
-
MD5
ad4179ec20bd0566efe8747ca838f609
-
SHA1
7e5964fce6960e476a9f80aef946cdb47f21911c
-
SHA256
78dc06c1eeca144f523978d99c60c44441d2fb45f3d35f3d4941b91310e3d666
-
SHA512
d4202745a95d779f1e9220256a989d8ce3a63855062396b5b6f433db67fe956c75ed2f9f8c1d5f2997c31041bb3652b09347bff4733948968ade42f44b0ea97c
-
SSDEEP
384:VzgH/4bz1uSIoULc88U+cGdD3sU5qB5s3JFscz8H9XmiEdcXdddJDe/cxsrCB+vQ:VzQ/4bz1uSI9qi5qX41mXMdddE/CAcUQ
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2908 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2908 AcroRd32.exe 2908 AcroRd32.exe 2908 AcroRd32.exe 2908 AcroRd32.exe 2908 AcroRd32.exe 2908 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2908 wrote to memory of 2656 2908 AcroRd32.exe 85 PID 2908 wrote to memory of 2656 2908 AcroRd32.exe 85 PID 2908 wrote to memory of 2656 2908 AcroRd32.exe 85 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 532 2656 RdrCEF.exe 86 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87 PID 2656 wrote to memory of 4432 2656 RdrCEF.exe 87
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ad4179ec20bd0566efe8747ca838f609_JaffaCakes118.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67F702C7E1DD36ED0414B48B703BB2C4 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:532
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DB56C1E1C8C1FDEF24C4C4373A952ED3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DB56C1E1C8C1FDEF24C4C4373A952ED3 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:13⤵PID:4432
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=69BAA077AD5ECF65B8B370654337727F --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3536
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A3DEF92204A93F5B354A13A6385815DD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A3DEF92204A93F5B354A13A6385815DD --renderer-client-id=5 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job /prefetch:13⤵PID:4200
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6D7D1C9902284E2D9F7B7A550D9D952F --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1276
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BCF0FACA5F7B44272E8F7D561BC9219F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BCF0FACA5F7B44272E8F7D561BC9219F --renderer-client-id=7 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job /prefetch:13⤵PID:4952
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AE4EC302160E9FE39A09BAD9DA3E9F8C --mojo-platform-channel-handle=2968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1500
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD50de8e4134e494bc32c66258023cfee24
SHA15a12d1474a62d4c24d957d944b266e5d2e48f71e
SHA256696716a0f5fb829041e52638ab154ba20d247959d675d4b5ee2672a99cd53cb3
SHA512790b2284c0d68b0af6f7b1f587bdedbcfa9a5967e869f4fde50d13614d9e8daed60101a237c039a30b3ee464039d18a8dbe5f33ccefd7608ccc5485fcbeb0003