Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 07:25
Behavioral task: behavioral1
- Sample: 072c64feda75220354fd089176562ff9_JaffaCakes118.pdf
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 072c64feda75220354fd089176562ff9_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
The signatures and process tree below are from the behavioral2 run (win10v2004-20240508-en, the platform given in the Analysis header); the win7 run is a separate report.
General
- Target: 072c64feda75220354fd089176562ff9_JaffaCakes118.pdf
- Size: 9KB
- MD5: 072c64feda75220354fd089176562ff9
- SHA1: 16b015cdb186f6cac395bb6cbd4a7438a9b96675
- SHA256: 36bad5800fc7d918fb811bade56837ecaab4edd14cff98c32585a676ff9bacb6
- SHA512: df3ca02e1ff4cb4166721066ea6f0311cdca5fbc9e351db8d72f371b242740f5ef9de8471e490d6ae3d648203274ccf8b9c1f192e815859f062eecc97045b5aa
- SSDEEP: 192:BPz4ULMxLIKXHszsoNbteZLYS7T15wMKyHTFxFjkJvtnMM7RyrZCQJgzbyGk3FcY:BPz4ULMxLIKXHsA0L415N7Fjk3nMuRyb
Malware Config
(empty: no configuration was extracted from this sample)
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. Note that the process performing the query here is the Reader itself (AcroRd32.exe); on its own this signature does not tell a document-triggered check apart from the application's normal start-up, so weigh it against the rest of the report.
Processes: AcroRd32.exe
  description          ioc                                                                      process
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    AcroRd32.exe
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0         AcroRd32.exe
- Modifies Internet Explorer settings (1 IoCs)
Processes: AcroRd32.exe
  description    ioc                                                                                                                                        process
  Key created    \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION    AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
Processes: AcroRd32.exe
  pid     process
  1384    AcroRd32.exe    (20 occurrences)
- Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: AcroRd32.exe
  pid     process
  1384    AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: AcroRd32.exe
  pid     process
  1384    AcroRd32.exe    (6 occurrences)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
  description         pid     process         target process    target pid
  wrote to memory     1384    AcroRd32.exe    RdrCEF.exe        4100    (3 entries)
  wrote to memory     4100    RdrCEF.exe      RdrCEF.exe        3936    (repeated)
  wrote to memory     4100    RdrCEF.exe      RdrCEF.exe        2460    (repeated)
All 64 entries are writes from a process into a child it spawned itself (AcroRd32.exe into its RdrCEF.exe broker, and that broker into its own RdrCEF.exe subprocesses); no write into an unrelated process is listed.
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 1384)
  Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\072c64feda75220354fd089176562ff9_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4100, child of 1384)
    Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3936, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0334D4E8CC93FF6CAE6511020C0CA064 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2460, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7590F359998227E2E12DBEB24214D00D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7590F359998227E2E12DBEB24214D00D --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1664, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D48ED41C447C83F028E9BE7D00229DB3 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3824, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DA60D5566175C6A68309F2704D437A5A --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4360, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B644EC40F669332550B60D246514D4FE --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3000, child of 4100)
      Command: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7F1AC5E23A94B379A9EB7AAB7798040D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7F1AC5E23A94B379A9EB7AAB7798040D --renderer-client-id=7 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2080)
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
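The WriteProcessMemory signature above lists 64 entries, but every one of them is a write from a process into a child it has just spawned, which is how Chromium/CEF-based applications such as RdrCEF.exe bootstrap their subprocesses. The entries that matter for triage are writes into a process that is not the writer's own child. The script below, an added example and not part of the report or of any sandbox vendor's code, parses entries in the flattened "PID X wrote to memory of Y X image target" form used on this page, joins them against the process tree (pid, parent, image, as reported), and separates the two cases. The representative IoC text is copied from the report but shortened; the one "cross-process" entry is constructed solely to exercise that branch and is not something the report shows.

```python
"""Triage helper for sandbox WriteProcessMemory IoCs (added example, not from the report).

Entries in the report have the form
  'PID <writer> wrote to memory of <target> <writer> <writer_image> <target_image>'
A write from a process into a child it spawned is the normal subprocess bootstrap
of CEF/Chromium-style applications; a write into any other process is what to look at.
"""
import re
from collections import Counter

# Process tree as reported on this page: pid -> (parent pid, image).
# Top-level processes have parent None.
PROCESS_TREE = {
    1384: (None, "AcroRd32.exe"),
    4100: (1384, "RdrCEF.exe"),
    3936: (4100, "RdrCEF.exe"),
    2460: (4100, "RdrCEF.exe"),
    1664: (4100, "RdrCEF.exe"),
    3824: (4100, "RdrCEF.exe"),
    4360: (4100, "RdrCEF.exe"),
    3000: (4100, "RdrCEF.exe"),
    2080: (None, "CompPkgSrv.exe"),
}

# The writer PID appears twice in each entry; the backreference enforces that.
ENTRY_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) (?P=writer) "
    r"(?P<writer_image>\S+) (?P<target_image>\S+)"
)


def parse_entries(blob):
    """Split the flattened IoC text into (writer, target, writer_image, target_image)."""
    return [
        (int(m["writer"]), int(m["target"]), m["writer_image"], m["target_image"])
        for m in ENTRY_RE.finditer(blob)
    ]


def classify(entry, tree):
    """'parent-to-child' if the target was spawned by the writer, else 'cross-process'."""
    writer, target, _, _ = entry
    parent = tree.get(target, (None, None))[0]
    return "parent-to-child" if parent == writer else "cross-process"


def triage(blob, tree):
    """Return Counter keyed by (writer pid, target pid, verdict)."""
    counts = Counter()
    for entry in parse_entries(blob):
        counts[(entry[0], entry[1], classify(entry, tree))] += 1
    return counts


# Representative entries copied from the report (the full list has 64).
REPORT_IOCS = (
    "PID 1384 wrote to memory of 4100 1384 AcroRd32.exe RdrCEF.exe " * 3
    + "PID 4100 wrote to memory of 3936 4100 RdrCEF.exe RdrCEF.exe " * 4
    + "PID 4100 wrote to memory of 2460 4100 RdrCEF.exe RdrCEF.exe " * 2
)
# Constructed entry, NOT present in the report: exercises the cross-process branch.
HYPOTHETICAL_IOC = "PID 4100 wrote to memory of 2080 4100 RdrCEF.exe CompPkgSrv.exe "

if __name__ == "__main__":
    results = triage(REPORT_IOCS + HYPOTHETICAL_IOC, PROCESS_TREE)
    for (writer, target, verdict), n in sorted(results.items()):
        print(f"{writer} -> {target}: {n:2d} x {verdict}")
```

Run against the report's own entries every key comes back as parent-to-child, which is consistent with the process tree: both writers only touch processes listed directly under them. The parent relation is the only check made; a writer that spawns a child and then injects into it later in its lifetime would still be classified as parent-to-child, so pair this with timing or with the target's image path when a report offers them.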
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: e295fd8a1f6319bacb7201f9074f10a5
  SHA1: 83272f456a1ff37e109b6bc7e115238cb3634584
  SHA256: f11442a29dfc77890d5a8baae9392dd442169d1fcab98b028288c0729cc06eba
  SHA512: 114475d3fa7452d42423dcdc1bab455824267fed4c94d6580fae31aafd2afec75c8bdc1164201ec2a481d7f278bcc6cd83daac7a1c7c15caa4f1ee104919f88c
- Filesize: 64KB
  MD5: 577c8cc63c2e5e5fe017d9c05794ca66
  SHA1: 909977d66d32ddee90279d5072420d8d4209b3b2
  SHA256: 2df78b2a24fa2077bbad204560686d9b12057ed758b33b5cb0f11bc756950cd4
  SHA512: 0fb32c1ae123519ff05711f6dc08a281a654158fe1c5acbcdfa8d91e4c69387b1bede9b2ce3ab0dc83c49c3a4d93eea5d654b8011b165095589a23192f09f04f