Analysis
- max time kernel: 141s
- max time network: 59s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 11:32

Behavioral tasks
- behavioral1: sample 084386dd44f83670b410764c4120e1e7_JaffaCakes118.pdf, resource win7-20240611-en
- behavioral2: sample 084386dd44f83670b410764c4120e1e7_JaffaCakes118.pdf, resource win10v2004-20240508-en
General
- Target: 084386dd44f83670b410764c4120e1e7_JaffaCakes118.pdf
- Size: 9KB
- MD5: 084386dd44f83670b410764c4120e1e7
- SHA1: 5d1aabf415efb3b8bda41767c2f0041c372a8531
- SHA256: cb565ab5ba9d7dc386494e85e86b8db0b157eaa6068029fca25eb8e3065c5e07
- SHA512: 7860dcd6155bc84565781453ed23b576011dfc8a3b04726f03e4e55659cfe3d266bbab7efc355b1aaed6c0b30a6ad665c4ccc54378c6b8996c9dd19c7b0dac73
- SSDEEP: 192:WPz4ULMxLIKXHsfyxaD68z2v6pLMvRjXGGTiy8tQs2pXJkKbmXoWNHmfrlkPeFR9:WPz4ULMxLIKXHsfCaJtp0/QtQHXJHaXU
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes (description / ioc / process):
  - Key opened / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 / AcroRd32.exe
  - Key value queried / \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz / AcroRd32.exe
- Modifies Internet Explorer settings
  Processes (description / ioc / process):
  - Key created / \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION / AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  Processes (pid / process):
  - 556 / AcroRd32.exe (the same row is listed 20 times)
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes (pid / process):
  - 556 / AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  Processes (pid / process):
  - 556 / AcroRd32.exe (the same row is listed 6 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description / pid / process / target process); the 64 rows fall into three groups, each row repeated once per recorded write, in this order:
  - PID 556 wrote to memory of 5044 / 556 / AcroRd32.exe / RdrCEF.exe
  - PID 5044 wrote to memory of 224 / 5044 / RdrCEF.exe / RdrCEF.exe
  - PID 5044 wrote to memory of 3692 / 5044 / RdrCEF.exe / RdrCEF.exe
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 556)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\084386dd44f83670b410764c4120e1e7_JaffaCakes118.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 5044, child of 556)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 224, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=44629C43886D195F36772F1E8C7C048B --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3692, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=30C685A5F0B090CE5009ED3FF1F11AC7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=30C685A5F0B090CE5009ED3FF1F11AC7 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 372, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=710E865969029F0C193E964E88D824F7 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1352, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0FD714B715DA03DF3448A54EFB9265B3 --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4944, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3885B99634E61685F97A6EFE39DDF28D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3885B99634E61685F97A6EFE39DDF28D --renderer-client-id=6 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1864, child of 5044)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D284733166AA6D9A8FD79BFD85C76307 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 4912)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: fec3e03ed277caed267da41818fb3418
  SHA1: c162b7040b23c0f5f4ebc6f40d244ad9bb2dc514
  SHA256: 76111e6e869c6a0535a40b1071113b08abc89687992d51bebd38b984520a6110
  SHA512: bf0bf0be4abca66c95a6f4b16e059b6fbea79452e99fbbbc632365ffa193c4ebe43664162e00d34eaedfb50b3941866e62d2163767ed73edb8c6c3c350ff6f21