Analysis
- max time kernel: 141s
- max time network: 53s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-06-2024 13:26

Behavioral tasks
- behavioral1
  Sample: 08c72be5e89839208ad11b5e50215e13_JaffaCakes118.pdf
  Resource: win7-20240221-en
- behavioral2 (this report)
  Sample: 08c72be5e89839208ad11b5e50215e13_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General
- Target: 08c72be5e89839208ad11b5e50215e13_JaffaCakes118.pdf
- Size: 9KB
- MD5: 08c72be5e89839208ad11b5e50215e13
- SHA1: eab5f934e779aa93b320ff385c2164fb10195850
- SHA256: 150ec081584544a0b8dcf2869fa6a7cea86438047b9bc4892e78df45c0b8e07f
- SHA512: 7e760c1dec12d69ef94abfb52d4d823aed409a06b12fc9294e33c579890325aaf15cb52a98bdc716cacea01a8ef08b9f8d6711f3f75126979b0c0111be920538
- SSDEEP: 192:ePz4ULMxLIKXHsfyx1ZMbyGcmpCdE34cT9uja9+Ymr910pHexbTWsikVl8kCm:ePz4ULMxLIKXHsfCDMWJmEIDZubpepzs
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments. Here the read is made by the Reader host process itself (AcroRd32.exe, PID 560), not by anything the document spawned, so on its own it is weak evidence about the PDF. Note also that Sysmon records registry key creation, value writes and renames but not value reads, so this IoC is visible to an API-hooking sandbox but will not appear in Sysmon telemetry unless object-access auditing (a SACL) is configured on the key.
  Processes: AcroRd32.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
- Modifies Internet Explorer settings (1 IoCs)
  FEATURE_BROWSER_EMULATION is the per-user Internet Explorer feature-control key under which an application registers the document mode its embedded WebBrowser control should use; it is again written by the Reader host process in its own user hive.
  Processes: AcroRd32.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  Processes: AcroRd32.exe
  pid | process
  560 | AcroRd32.exe (20 entries)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes: AcroRd32.exe
  pid | process
  560 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  Processes: AcroRd32.exe
  pid | process
  560 | AcroRd32.exe (6 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: AcroRd32.exe, RdrCEF.exe
  description | pid | process | target process
  PID 560 wrote to memory of 4252 | 560 | AcroRd32.exe | RdrCEF.exe (3 entries)
  PID 4252 wrote to memory of 372 | 4252 | RdrCEF.exe | RdrCEF.exe (repeated)
  PID 4252 wrote to memory of 456 | 4252 | RdrCEF.exe | RdrCEF.exe (repeated)
  The two RdrCEF.exe rows account for the remaining 61 entries. Every write goes from a process to a child it has just spawned (560 → 4252, 4252 → 372, 4252 → 456, matching the process tree below), and no write into a process outside Reader's own family is recorded; that is what ordinary parent/child process setup looks like, not injection into a foreign process.
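The flattened IoC lists above are awkward to read by eye once there are dozens of rows, and the question an analyst actually wants answered is whether any memory write or registry access leaves the Reader process family. The following Python is an added example, not part of this report or of any sandbox vendor's tooling: it parses the "wrote to memory of" rows and the registry rows, counts writer/target image pairs, flags writes whose target image is not on an allowlist of Reader's own children, and separates reads under the CentralProcessor key from other registry activity. The allowlist (EXPECTED_WRITE_TARGETS), the sandbox-check key prefix and the cmd.exe row in the sample input are assumptions of the example; the other sample rows are copied from the report.

```python
"""Triage the flattened IoC lines of a sandbox report.

Added example; not part of the report above or of any sandbox vendor's
tooling. It parses the "wrote to memory of" and registry IoC rows, counts
writer/target image pairs, and flags writes into images that are not on an
assumed allowlist of Adobe Reader's own child processes.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Parent image -> child images it is expected to write into when Reader DC
# opens a PDF (the AcroRd32 -> RdrCEF -> RdrCEF bootstrap in the report).
# ASSUMPTION of this example; baseline it against your own fleet.
EXPECTED_WRITE_TARGETS = {
    "AcroRd32.exe": {"RdrCEF.exe"},
    "RdrCEF.exe": {"RdrCEF.exe"},
}

# Registry prefix that the "checks processor information" signature keys on
# (upper-cased for case-insensitive comparison). ASSUMPTION of this example.
SANDBOX_CHECK_PREFIXES = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR",
)

# Columns as the report prints them: description, pid, process, target process.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")
# Registry rows: one per line; the image is the last token because key
# paths may contain spaces ("Internet Explorer").
REG_RE = re.compile(
    r"Key (opened|value queried|created) (\\REGISTRY\\.+?) (\S+\.exe)$", re.M
)


@dataclass(frozen=True)
class WriteEvent:
    src_pid: int
    src_img: str
    dst_pid: int
    dst_img: str


@dataclass(frozen=True)
class RegEvent:
    action: str
    key: str
    img: str


def parse_wpm(text: str) -> list[WriteEvent]:
    """Extract WriteProcessMemory rows, even when several are run together on one line."""
    return [WriteEvent(int(m[1]), m[4], int(m[2]), m[5]) for m in WPM_RE.finditer(text)]


def parse_registry(text: str) -> list[RegEvent]:
    """Extract registry rows (one row per line)."""
    return [RegEvent(m[1], m[2], m[3]) for m in REG_RE.finditer(text)]


def is_sandbox_check(key: str) -> bool:
    """True for keys under the processor-description hive used for sandbox fingerprinting."""
    return key.upper().startswith(SANDBOX_CHECK_PREFIXES)


def triage(wpm_text: str, reg_text: str) -> dict:
    """Summarise write pairs, flag unexpected targets and split registry IoCs."""
    writes = parse_wpm(wpm_text)
    regs = parse_registry(reg_text)
    return {
        "write_pairs": Counter((w.src_img, w.dst_img) for w in writes),
        "unexpected_writes": [
            w for w in writes
            if w.dst_img not in EXPECTED_WRITE_TARGETS.get(w.src_img, set())
        ],
        "sandbox_checks": [r for r in regs if is_sandbox_check(r.key)],
        "other_registry": [r for r in regs if not is_sandbox_check(r.key)],
    }


# CONSTRUCTED input: the first two WPM lines and the registry lines are copied
# from the report; the cmd.exe line is made up to show an unexpected target.
SAMPLE_WPM = """\
PID 560 wrote to memory of 4252 560 AcroRd32.exe RdrCEF.exe PID 560 wrote to memory of 4252 560 AcroRd32.exe RdrCEF.exe
PID 4252 wrote to memory of 372 4252 RdrCEF.exe RdrCEF.exe PID 4252 wrote to memory of 456 4252 RdrCEF.exe RdrCEF.exe
PID 560 wrote to memory of 9999 560 AcroRd32.exe cmd.exe
"""
SAMPLE_REG = r"""
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe
"""

if __name__ == "__main__":
    result = triage(SAMPLE_WPM, SAMPLE_REG)
    for (src, dst), n in sorted(result["write_pairs"].items()):
        print(f"{src} -> {dst}: {n} write(s)")
    for w in result["unexpected_writes"]:
        print(f"UNEXPECTED: {w.src_img} ({w.src_pid}) wrote into {w.dst_img} ({w.dst_pid})")
    print("sandbox-check reads:", [r.key for r in result["sandbox_checks"]])
    print("other registry:", [f"{r.action}: {r.key}" for r in result["other_registry"]])
```

On the report's real rows the allowlist check returns nothing, which is the point: the 64 WriteProcessMemory IoCs collapse to two parent/child image pairs inside Reader. The constructed cmd.exe row shows what a document that actually spawns and writes into a shell would look like in the same output.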
Processes
- [PID 560] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\08c72be5e89839208ad11b5e50215e13_JaffaCakes118.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - [PID 4252] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - [PID 372] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=377BA976480C452C4040DABAB7D082AD --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [PID 456] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=48AEA1E5D0B5142E60A07BC9D2A13A14 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=48AEA1E5D0B5142E60A07BC9D2A13A14 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    - [PID 1728] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: identical to PID 372 except --service-request-channel-token=8B9586AB0AF657842753D7172F1B22DC --mojo-platform-channel-handle=2292
    - [PID 2068] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: identical to PID 372 except --service-request-channel-token=670010918510ED61F91DBAD6E8C2C32C --mojo-platform-channel-handle=1952
    - [PID 3900] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: identical to PID 372 except --service-request-channel-token=FA6884E851860766B6EE711CD6566FF0 --mojo-platform-channel-handle=2400
    - [PID 3680] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer)
      Command line: identical to PID 456 except --service-pipe-token=C838BB66CDC3AE0870CD54BE460259E3 --service-request-channel-token=C838BB66CDC3AE0870CD54BE460259E3 --renderer-client-id=7 --mojo-platform-channel-handle=2520
- [PID 2676] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Every descendant of AcroRd32.exe is Reader's own RdrCEF.exe helper (the Chromium Embedded Framework it ships, as the --product-version string shows), in the usual broker, GPU-process and renderer roles; no shell, script host or other non-Reader image is started from the document. The --product-version value also records which Reader build the sandbox image carries (ReaderServices/19.10.20064 embedding Chromium 64.0.3282.119), so the behaviour observed here is that of an older Reader DC, not of a current release. CompPkgSrv.exe is started by the system as a COM server (-Embedding) at tree depth 1, not as a child of Reader.
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 47166d843af8c0185981ff9506b083f3
  SHA1: 9458f4b49e248aa7399aec8e255511420af41e1b
  SHA256: b1f63c41ac2e1e5b5f9018e838b62b31187eaef701a7cf01821812ca626b2eea
  SHA512: 567dc352016ab1d23344fd21e661a267318eba3ea4d9e694729074b376cb5a31b496f9d17640e595b68918f28b13889264510f9c3e9d31a6ecd54dd9ec5681b7