Analysis
- Max time kernel: 94s
- Max time network: 135s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240508-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 24-06-2024 11:58
Behavioral task behavioral1
- Sample: 085f2a9526cbccc6179a4f9070faad26_JaffaCakes118.pdf
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: 085f2a9526cbccc6179a4f9070faad26_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 085f2a9526cbccc6179a4f9070faad26_JaffaCakes118.pdf
- Size: 8KB
- MD5: 085f2a9526cbccc6179a4f9070faad26
- SHA1: e690c48317315d103a3e76ff81bd0744dd668ba5
- SHA256: 91e903e24a7c7ac18bc71a8b5d6884c7d3bb65930875ba4afe3d52da5fd86601
- SHA512: 29b5923441b062b7967ae4d27255b310bdc312f7ff7dd452a9220952d576ad9229715eecaa587974de44c1e84aaeb2cf372c364bc327f5af470d1c899ddb3351
- SSDEEP: 192:bP5uFm4k+jRSWT7h/m7daP2SVPAYyPUtSZ4pNYl:bP5uFm4kMQWT7QU2S3yPUt5Yl
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
    process       description         ioc
    AcroRd32.exe  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    AcroRd32.exe  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- Modifies Internet Explorer settings
  Processes:
    process       description   ioc
    AcroRd32.exe  Key created   \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
    pid   process
    3984  AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  Processes (6 events, all from the same process):
    pid   process
    3984  AcroRd32.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (64 write events, three distinct source/target pairs):
    description          pid   process       target pid  target process
    wrote to memory of   3984  AcroRd32.exe  4656        RdrCEF.exe
    wrote to memory of   4656  RdrCEF.exe    2188        RdrCEF.exe
    wrote to memory of   4656  RdrCEF.exe    1332        RdrCEF.exe
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3984)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\085f2a9526cbccc6179a4f9070faad26_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4656)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2188)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1F7DEDC11271379FC2FE1ACC6AFF2D87 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1332)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=35DC0AC791FFBF853899F908126FFBAC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=35DC0AC791FFBF853899F908126FFBAC --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1740)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E221482B3D15E4892799CB7CBD6D9F2A --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4592)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9C94DF823D9739DDCDBC1925A3826978 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4252)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BE7911296B6DEA7020CAD5FE60A91BFA --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5024)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EFA4CB45BCEA9C5A9097F5290FC922BD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EFA4CB45BCEA9C5A9097F5290FC922BD --renderer-client-id=7 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 2404)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 5e982477c514f4d4c43eda3986aa4fc0
  SHA1: 60c2d3e1e4a436d5f3a5f9ab630b5270004f4bc0
  SHA256: 85076db6bca3917cc7c6bb73064aa1e9f4b901018cfea409254b14f86bff5b8e
  SHA512: 289f1766fac30f5802cc1434970b80e27ce5cd6dc3a68c04473a2b546b27d3152b7e6497575cd08ffee3b8510fe7aac0ec7ca35c0ee8eb76a4fa9c9a0af22a6b
- Filesize: 64KB
  MD5: 6582db2851dbb11ad9c5581f1d9e9327
  SHA1: 73de3773fdab332fd17da4106d3e8f54e1b0dc3e
  SHA256: c3b8f98afb33dcafc87928c56a74dc01e916912c1a07111170952b257e65960c
  SHA512: 46f56cdecd0275c98ee8080cd2271bfa7d11dcc1716c58666634d214c3094b2b66e0650518895b33d2b2554d7828dcf95246dfde7e0e131d8ca49f2d24565436