Analysis
max time kernel: 141s
max time network: 135s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2024 08:16
Behavioral task: behavioral1
Sample: 0766a8e3230c007068f51ea1b6a6f6cb_JaffaCakes118.pdf
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 0766a8e3230c007068f51ea1b6a6f6cb_JaffaCakes118.pdf
Resource: win10v2004-20240508-en
General
Target: 0766a8e3230c007068f51ea1b6a6f6cb_JaffaCakes118.pdf
Size: 9KB
MD5: 0766a8e3230c007068f51ea1b6a6f6cb
SHA1: f230694f3f94ee28af470f0b796ce3df2ca58af0
SHA256: 122929425ff46d592edb8e85050ce3cbc4a465292daea8a9380ee3553aefa330
SHA512: d2670f71bde6ca7ee433eb3a1b59963a8551d5ced6281a04a4e9c942515ea5a4ec6596d26cb22e068c6f223da3133518cb44aa034233025f6523c7019f92f8f9
SSDEEP: 192:SPz4ULMxLIKXHsfyxQP/rG4wKi4b6/0EyJ8D65jcwTLzZW6EZykCV:SPz4ULMxLIKXHsfCoCWiueGB5465fVkw
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes (description | ioc | process):
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings
Processes (description | ioc | process):
- Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe

Suspicious behavior: EnumeratesProcesses (20 IoCs)
Processes (pid | process):
- 4648 | AcroRd32.exe (20 identical rows)

Suspicious use of FindShellTrayWindow (1 IoC)
Processes (pid | process):
- 4648 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes (pid | process):
- 4648 | AcroRd32.exe (6 identical rows)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description | pid | process | target process), 64 rows in total:
- PID 4648 wrote to memory of 1548 | 4648 | AcroRd32.exe | RdrCEF.exe (3 rows)
- PID 1548 wrote to memory of 4612 | 1548 | RdrCEF.exe | RdrCEF.exe (repeated)
- PID 1548 wrote to memory of 2684 | 1548 | RdrCEF.exe | RdrCEF.exe (repeated)
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4648)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0766a8e3230c007068f51ea1b6a6f6cb_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1548)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4612)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BA042E25D51185DBA24A931652432ED3 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2684)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0C18E54E2C08067EA7E639CC3860FC5E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0C18E54E2C08067EA7E639CC3860FC5E --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4664)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1ACBAC30F3BA7056256311B3F46D8824 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4592)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=53D5E95A756B8527FF39C70836C0F523 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4708)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=247ABDE652E7ADEAE08736339BB09B3B --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4576)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AB788C42FC9FA85A1F821C79C7E7D675 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AB788C42FC9FA85A1F821C79C7E7D675 --renderer-client-id=7 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 3020)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 64KB
  MD5: fc5469f7af6510dca2e4f10879f5ba8d
  SHA1: 71a65ff4e86e6e91a8e906b873a001ea103ad140
  SHA256: 01a5b409a4f9173ca8d4ccdc06d8622e666e436acf37fba29f03301f27d9d4f7
  SHA512: bf1a55df01b23f6c2f563838ea6dcd655cd1212a092e42218434faa38422f53f6c5aa859dfd97ee592a447b80a54dbda160c606194bb2ac3e603942c6c631500

- Filesize: 64KB
  MD5: 395cb14dc25aad2824dd5c0298ce1a89
  SHA1: 2ad1fe32fe7040ea8d0b2ab0650b5b45403245d9
  SHA256: f9e6b72a895df7968beccf9bd366eb32800ad2d9b73f617f6cf4be8db14ba415
  SHA512: 3e44c8bd685237f9268f197279cdd368d872407a516efadf55d505ba62cd65b51e54e03e2776f0490f75e777e449805828df98a7f1a2b9633a1fcfe39faf13d1