Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 13:01
Behavioral tasks
- behavioral1: sample 08a90270bdfffbb800fb6761ef1e8917_JaffaCakes118.pdf, resource win7-20240221-en
- behavioral2: sample 08a90270bdfffbb800fb6761ef1e8917_JaffaCakes118.pdf, resource win10v2004-20240508-en
General
- Target: 08a90270bdfffbb800fb6761ef1e8917_JaffaCakes118.pdf
- Size: 15KB
- MD5: 08a90270bdfffbb800fb6761ef1e8917
- SHA1: f68b4f3ec383fb2320c18fb622b1c73996bb81da
- SHA256: 7143eda7dbdf1f21c4f351a526cd5ec6e4bc7d2d645dbc48574a1bfeba3691ea
- SHA512: 1cda79b17bb0672580aca030c4fe08c4bf6ad7cca373d73d6c7c0ba2a25de9c58ee045ac66fc9af6fe511d0de8e643db5131440601a509de4a8e3d6a2579fb82
- SSDEEP: 384:uP5uqkhYN5IUKv+/ZyvG4mtHBwJZtXTVnDPgbbWKlyRAY+:ujTyvzs2JZtXTVE3Xl6y
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments. The only process reading it here is AcroRd32.exe itself, so before attributing the read to the PDF, compare against a baseline run of the same Reader build on a known-benign document.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
- Modifies Internet Explorer settings
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | process
  4108 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | process
  4108 | AcroRd32.exe (6 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  The report lists every write individually; summarised by source and target:
  source pid | source process | target pid | target process | entries
  4108 | AcroRd32.exe | 2840 | RdrCEF.exe | 3
  2840 | RdrCEF.exe | 3548 | RdrCEF.exe | remaining 61 entries, split between these two targets
  2840 | RdrCEF.exe | 3464 | RdrCEF.exe | (see above)
  Every write recorded goes from a parent to a child it spawned (AcroRd32.exe to the RdrCEF.exe broker, then the broker to its gpu-process and renderer children; compare the process tree below). That is the pattern CreateProcess produces when a parent sets up a new child, so this signature is consistent with Reader starting its CEF helpers rather than with the PDF injecting code into another process. A write from a Reader process into a process outside this tree would be the finding to escalate.
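The parent-to-child check described above, as an added example that is not part of this report or of the sandbox's own tooling. It parses the flattened "Key opened ..." and "PID x wrote to memory of y ..." IoC strings exactly as they appear on the page, rebuilds the reported process tree (PROCESS_TREE is transcribed from the Processes section), and labels each WriteProcessMemory edge as parent-child or cross-process. The sample input reuses the page's own PIDs and images, plus one invented edge (4108 writing into 1920, CompPkgSrv.exe) that does not occur in the report and exists only to exercise the escalation path.

```python
"""Triage helpers for the flattened signature text in a sandbox report.

Added example, not the report's or Triage's code. Parses the IoC strings
as printed, rebuilds the process tree, and separates WriteProcessMemory
edges that are a parent writing to its own freshly spawned child (what
CreateProcess does) from writes into unrelated processes.
"""
import re
from collections import Counter

# Constructed sample input: a subset of the page's WriteProcessMemory
# entries (same PIDs and images), plus one invented cross-process write
# (4108 -> 1920) that does NOT appear in the report.
WPM_IOCS = (
    "PID 4108 wrote to memory of 2840 4108 AcroRd32.exe RdrCEF.exe "
    "PID 4108 wrote to memory of 2840 4108 AcroRd32.exe RdrCEF.exe "
    "PID 4108 wrote to memory of 2840 4108 AcroRd32.exe RdrCEF.exe "
    "PID 2840 wrote to memory of 3548 2840 RdrCEF.exe RdrCEF.exe "
    "PID 2840 wrote to memory of 3464 2840 RdrCEF.exe RdrCEF.exe "
    "PID 4108 wrote to memory of 1920 4108 AcroRd32.exe CompPkgSrv.exe"  # hypothetical
)

# Constructed sample input: the registry IoCs from the page, verbatim,
# run together the way the report prints them.
REG_IOCS = (
    r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe "
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe "
    r"Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe"
)

# Process tree as the report shows it: pid -> (image, parent pid).
PROCESS_TREE = {
    4108: ("AcroRd32.exe", None),
    2840: ("RdrCEF.exe", 4108),
    3548: ("RdrCEF.exe", 2840),
    3464: ("RdrCEF.exe", 2840),
    2296: ("RdrCEF.exe", 2840),
    3528: ("RdrCEF.exe", 2840),
    3568: ("RdrCEF.exe", 2840),
    4428: ("RdrCEF.exe", 2840),
    1920: ("CompPkgSrv.exe", None),
}

# "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)
# "<op> <key path, may contain spaces> <process>.exe"; the lookahead stops
# the lazy key match at the process name that precedes the next entry.
REG_RE = re.compile(
    r"(?P<op>Key opened|Key value queried|Key created) "
    r"(?P<key>\\REGISTRY\\.*?) (?P<proc>\S+\.exe)(?= Key |$)"
)


def parse_wpm(text):
    """Count WriteProcessMemory edges keyed by (src, dst, src_img, dst_img)."""
    return Counter(
        (int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"])
        for m in WPM_RE.finditer(text)
    )


def parse_registry(text):
    """Split run-together registry IoCs into (op, key, process) tuples."""
    return [(m["op"], m["key"], m["proc"]) for m in REG_RE.finditer(text)]


def classify_wpm(edges, tree):
    """Label each edge parent-child (expected) or cross-process (escalate)."""
    rows = []
    for (src, dst, src_img, dst_img), n in sorted(edges.items()):
        parent = tree.get(dst, (None, None))[1]
        rows.append({
            "src": src, "src_img": src_img, "dst": dst, "dst_img": dst_img,
            "count": n,
            "verdict": "parent-child" if parent == src else "cross-process",
        })
    return rows


def escalate(edges, tree):
    """Only the edges that are not a parent writing to its own child."""
    return [r for r in classify_wpm(edges, tree) if r["verdict"] == "cross-process"]


def sandbox_fingerprint_reads(reg_rows):
    """Reads (not creates) under the CPU description key the report flags."""
    prefix = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor"
    return [r for r in reg_rows if r[0] != "Key created" and r[1].startswith(prefix)]


if __name__ == "__main__":
    edges = parse_wpm(WPM_IOCS)
    for row in classify_wpm(edges, PROCESS_TREE):
        print(row)
    for row in escalate(edges, PROCESS_TREE):
        print("ESCALATE:", row)
    for op, key, proc in sandbox_fingerprint_reads(parse_registry(REG_IOCS)):
        print("CPU probe:", op, key, proc)
```

The same parent-child test carries over to live telemetry: Sysmon Event ID 10 (ProcessAccess) gives SourceProcessId and TargetProcessId, so the tree lookup in classify_wpm can be fed from Event ID 1 (process creation) records instead of a hand-typed PROCESS_TREE.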
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4108)
  command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\08a90270bdfffbb800fb6761ef1e8917_JaffaCakes118.pdf"
  signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2840)
    command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3548, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F60E83F0B09705A7D10169C9E941FF52 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3464, renderer)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B963B505691E5DF017F324B46FAF0B97 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B963B505691E5DF017F324B46FAF0B97 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2296, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=37DE0D264B3059AD60C4D02094051EB1 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3528, renderer)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E73D1D3682A9613BB12C5CC9135F6B84 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E73D1D3682A9613BB12C5CC9135F6B84 --renderer-client-id=5 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3568, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0E3A0EBAF627A91607C24FAC6167472A --mojo-platform-channel-handle=2772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4428, gpu-process)
      command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=372C777E864D8DB1B0358050424C05C8 --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 1920)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Reading the tree: every RdrCEF.exe process descends from the AcroRd32.exe that opened the sample, and the RdrCEF command lines carry the embedded Chromium build (Chrome/64.0.3282.119, ReaderServices/19.10.20064), which identifies the Reader build the sandbox ran. That matters when judging negative results: a PDF targeting a different Reader version would not be expected to trigger in this environment. No process outside the Reader tree was started by the sample; CompPkgSrv.exe is a separate COM-activated system process at tree depth 1, not a child of Reader.
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 94307423dfa9b429983f24dbedcc4f90
  SHA1: f82be20a42a0a4a754c16e4f45bff691045ac6a3
  SHA256: e7f4bd1b6e4516ab2dd69e25da3afbca2b37109a168fe5250932ceed34024961
  SHA512: 09dcd78ee3972e5e6b01d05869328d6ab06311a49c3a66707a2868e2c35819d8a34f411ea3e6e6a93f226039afcf238c0ed2b2af3c65987470671b00edbd6e1c