Analysis

max time kernel: 93s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/07/2024, 01:23
Behavioral tasks

behavioral1
  Sample: 242556990ee0b51a51f2b85062295e91_JaffaCakes118.pdf
  Resource: win7-20240611-en

behavioral2 (the run shown on this page)
  Sample: 242556990ee0b51a51f2b85062295e91_JaffaCakes118.pdf
  Resource: win10v2004-20240508-en
General

Target: 242556990ee0b51a51f2b85062295e91_JaffaCakes118.pdf
Size: 74KB
MD5: 242556990ee0b51a51f2b85062295e91
SHA1: 2ab1645ae133a9c8f8f20182be571c12e5221b25
SHA256: 36f562fda381dc045d50cd457802372771a3aeba5e5a342e1bd3f53802ce2190
SHA512: 70797caadc5be66b4f924b5eee6ce1bc48f4c108e7663eb998e6247c4adb54a38adabb54fd494b89f8dd8b89ad3217893023d485856ce4ce7f48dc93c567d827
SSDEEP: 1536:iuS4OnmvED/t8LsMh6yhzsSezR/4nMPbwWkNpOPgpWaeAHSWE2NNHsh3lj3a:wlnZt84M4zxkMxP2WLAHdNNHsh30
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)

Modifies Internet Explorer settings (1 IoCs)
  Key created: \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)

Suspicious use of FindShellTrayWindow (1 IoCs)
  PID 3484 AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  PID 3484 AcroRd32.exe (4 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 entries (each write to a target's memory is logged separately) are repeats of three writer/target pairs:

  writer PID  writer image   target PID  procid_target  entries
  3484        AcroRd32.exe   3960        81             3
  3960        RdrCEF.exe     212         82             remaining 61, split
  3960        RdrCEF.exe     4932        83             between these two

Analyst note: every IoC in this section is attributed to Adobe's own AcroRd32.exe or RdrCEF.exe, and the process tree below shows only Reader's normal CEF startup (the browser host 3960 spawning gpu-process and renderer children). The memory writes from 3484 into 3960 and from 3960 into its children are what parent-to-child process creation looks like in a sandbox trace, not injection into an unrelated process, and reading CentralProcessor\0\~MHz is something Reader itself does at startup. These signatures on their own therefore do not show the PDF doing anything beyond being rendered. The report contains no static inspection of the file (JavaScript, OpenAction, embedded files), and the Network section of this export is empty, so a verdict still needs a static pass over the PDF.
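The behavioural signatures above all belong to Reader's own processes and say nothing about the PDF's content, so a static keyword pass over the file is the usual complement. The following Python is an added example, not part of this report or of any sandbox tool: it counts pdfid-style risk markers, resolves #xx hex escapes inside names (a common way to hide /JavaScript from naive grep), and inflates FlateDecode streams so markers tucked inside object streams are seen. The PDF it scans is constructed inline for the demonstration and is not the analysed sample; the marker list and the risk rules are the author's own choices.

```python
import re
import zlib

# pdfid-style markers. Each is matched as a whole PDF name token so that
# /JS does not also count /JScript or similar.
KEYWORDS = ["/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
            "/EmbeddedFile", "/URI", "/ObjStm", "/AcroForm", "/RichMedia"]
_PATTERNS = {kw: re.compile(re.escape(kw.encode()) + rb"(?![0-9A-Za-z_])")
             for kw in KEYWORDS}
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes so /J#61vaScript counts as /JavaScript.

    Escapes are only meaningful inside name objects; substituting across the
    whole buffer is the pdfid approximation and is fine for counting."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the body of every stream zlib can inflate; skip the rest."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # not Flate-encoded or damaged; raw buffer is still counted
    return out


def scan_pdf(data: bytes) -> dict:
    """Count each marker across the raw file and its inflated streams."""
    pieces = [normalize_names(data)] + [normalize_names(s) for s in inflate_streams(data)]
    return {kw: sum(len(pat.findall(p)) for p in pieces) for kw, pat in _PATTERNS.items()}


def risk_flags(counts: dict) -> list:
    """Turn marker counts into the reasons an analyst would open the file."""
    flags = []
    if counts["/JS"] or counts["/JavaScript"]:
        trigger = "on open" if counts["/OpenAction"] or counts["/AA"] else "present"
        flags.append(f"JavaScript {trigger}")
    if counts["/Launch"]:
        flags.append("Launch action (can start an external program)")
    if counts["/EmbeddedFile"]:
        flags.append("embedded file")
    if counts["/ObjStm"]:
        flags.append("object streams (content only visible after inflating)")
    return flags


def build_sample_pdf() -> bytes:
    """Constructed test input (not the analysed sample): a minimal PDF whose
    OpenAction runs JavaScript with the /JavaScript name hex-escaped, plus a
    Flate-compressed object stream hiding a /Launch action."""
    hidden = b"<< /Type /Action /S /Launch /F (cmd.exe) >>"
    compressed = zlib.compress(hidden)
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
        b"4 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
        b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
        + str(len(compressed)).encode() + b" >>\nstream\n"
        + compressed + b"\nendstream\nendobj\n"
        b"trailer << /Root 1 0 R >>\n%%EOF\n"
    )


if __name__ == "__main__":
    counts = scan_pdf(build_sample_pdf())
    for kw, n in counts.items():
        if n:
            print(f"{kw:14} {n}")
    for flag in risk_flags(counts):
        print("FLAG:", flag)
```

Run it against a real file with `scan_pdf(open(path, "rb").read())`; a zero for every marker is not a clean bill (encrypted documents and non-Flate filters defeat this pass), but a hit on /OpenAction together with /JS, or any /Launch, is enough to justify pulling the objects apart.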
Processes

Process tree (indentation shows depth; in the raw export the depth number was fused onto the end of each command line, e.g. "--backgroundcolor=165140432" is --backgroundcolor=16514043 at depth 2 and "/prefetch:23" is /prefetch:2 at depth 3):

[1] AcroRd32.exe, PID 3484
    Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\242556990ee0b51a51f2b85062295e91_JaffaCakes118.pdf"
    Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

    [2] RdrCEF.exe, PID 3960 (CEF browser host)
        Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        Signatures: Suspicious use of WriteProcessMemory

        [3] RdrCEF.exe, PID 212 (--type=gpu-process)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6A901DC4F8137E2F2E266F8036BAB6E6 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe, PID 4932 (--type=renderer)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D876017F9DB8732AF3CF4F6791AE0448 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D876017F9DB8732AF3CF4F6791AE0448 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1

        [3] RdrCEF.exe, PID 1004 (--type=gpu-process)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=979D9671C3BD933A464E46AC7EE8520E --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe, PID 4784 (--type=gpu-process)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F00BC0B5FF5D4D8784FD19489A702C2D --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

        [3] RdrCEF.exe, PID 4916 (--type=renderer)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DF6089738464AD94DD3A6D3320E4BC6A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DF6089738464AD94DD3A6D3320E4BC6A --renderer-client-id=6 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job /prefetch:1

        [3] RdrCEF.exe, PID 1576 (--type=gpu-process)
            Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4CD330E3DF080234EDFFDCA21BE9E4FB --mojo-platform-channel-handle=2764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

Every process in the tree is an Adobe binary launched from the Reader install directory; the only child of AcroRd32.exe is the CEF browser host, and all of its children are RdrCEF.exe helpers carrying the same ReaderServices/19.10.20064 Chrome/64.0.3282.119 product version and --allow-no-sandbox-job. The browser host launches the gpu-process four times (212, 1004, 4784, 1576) and the renderer twice (4932, 4916) during the run. Nothing outside Reader (no shell, script host or dropped executable) appears as a child.
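The WriteProcessMemory entries in the Signatures section and the process tree above describe the same thing from two angles: a parent writing into the memory of each child it creates. The Python below is an added example, not from the report or from the sandbox: it parses the report's flattened "PID X wrote to memory of Y X image N" format into writer/target pairs with counts, rebuilds the tree from those pairs, and flags any target whose image is not one the writer normally spawns, which is the distinction between child-process setup and cross-process injection. The IoC excerpt, the PID-to-image map and the baseline of expected targets are constructed for the demonstration; PID 5100 / powershell.exe is invented so the check has something to flag.

```python
import re
from collections import Counter, defaultdict

# One entry as the sandbox flattens it:
#   PID <writer> wrote to memory of <target> <writer> <writer image> <target index>
_ENTRY = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<idx>\d+)"
)

# Constructed excerpt in the report's own format: the three real writer/target
# pairs from the tree above, repeated a few times, plus one invented entry
# (PID 5100) so the check below has something to flag.
SAMPLE_IOCS = (
    "PID 3484 wrote to memory of 3960 3484 AcroRd32.exe 81 "
    "PID 3484 wrote to memory of 3960 3484 AcroRd32.exe 81 "
    "PID 3484 wrote to memory of 3960 3484 AcroRd32.exe 81 "
    "PID 3960 wrote to memory of 212 3960 RdrCEF.exe 82 "
    "PID 3960 wrote to memory of 212 3960 RdrCEF.exe 82 "
    "PID 3960 wrote to memory of 4932 3960 RdrCEF.exe 83 "
    "PID 3484 wrote to memory of 5100 3484 AcroRd32.exe 84 "
)

# PID -> image as read off the process tree; 5100/powershell.exe is invented.
SAMPLE_IMAGES = {3484: "AcroRd32.exe", 3960: "RdrCEF.exe", 212: "RdrCEF.exe",
                 4932: "RdrCEF.exe", 5100: "powershell.exe"}

# Assumed baseline of what each Reader binary normally writes into: the CEF
# helpers it spawns and, for the main process, its Protected Mode child.
EXPECTED_TARGETS = {
    "AcroRd32.exe": {"RdrCEF.exe", "AcroRd32.exe"},
    "RdrCEF.exe": {"RdrCEF.exe"},
}


def parse_wpm_iocs(text: str) -> Counter:
    """Collapse the flattened run into {(writer_pid, writer_image, target_pid): count}."""
    counts = Counter()
    for m in _ENTRY.finditer(text):
        counts[(int(m["src"]), m["image"], int(m["dst"]))] += 1
    return counts


def build_tree(edges: Counter) -> dict:
    """Writer -> set of targets. A parent's writes into a child it has just
    created are what process creation plus handle/command-line passing look
    like in a sandbox trace, so the edges double as the process tree."""
    tree = defaultdict(set)
    for src, _, dst in edges:
        tree[src].add(dst)
    return dict(tree)


def unexpected_targets(edges: Counter, images: dict, expected: dict) -> list:
    """Flag writer/target pairs whose target image is outside the writer's baseline.

    Writes into an unexpected or unrelated process are the injection signal;
    repeated writes into an expected child are not."""
    hits = []
    for (src, src_image, dst), n in sorted(edges.items()):
        dst_image = images.get(dst, "<unknown>")
        if dst_image not in expected.get(src_image, set()):
            hits.append((src, src_image, dst, dst_image, n))
    return hits


if __name__ == "__main__":
    edges = parse_wpm_iocs(SAMPLE_IOCS)
    for (src, image, dst), n in sorted(edges.items()):
        print(f"{src} ({image}) -> {dst}: {n} writes")
    print("tree:", build_tree(edges))
    for hit in unexpected_targets(edges, SAMPLE_IMAGES, EXPECTED_TARGETS):
        print("UNEXPECTED:", hit)
```

Pasting the report's real 64-entry run into `parse_wpm_iocs` yields exactly the three pairs tabulated in the Signatures section; the baseline dictionary is what has to be maintained per application, and an unknown target image (a PID absent from the tree) is reported rather than silently accepted.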
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 64KB
  MD5: 0e1889bb32ed54c911aae65108e86d85
  SHA1: 323b438e9a7aafba4de10570b0b941129658ab7f
  SHA256: 49a0ec1d75a5cc89bc9c6a1e45cc5f637ae61b8995a0db48612eca16e2d001c9
  SHA512: 3c0637b02d9c82a0cc881c55a609b3247200f269b1ab4d0c51df728f6d16c07b3ae772ea854f87183586fd3c42a904d9210ab233e4aa7e0f946dccff632a585e

File 2
  Filesize: 64KB
  MD5: b68befa4bf23b331301f1f5d9289bbd3
  SHA1: d4fa3b0827c90685d74082950d89e5078efab5a0
  SHA256: cfa9fd5a308c91529566ee6b4fcc5f6fdbd9ae6928698914bdc8450cdd797a75
  SHA512: 618a87be08a0de51d544fbbc266580b4c8c8a0b5df2ccdaf722c2a341b7a0f9bdf674e7d70ba0c8ec9b08f3af4de72528fbc2130d4e07cbedc8e2510f1cc343d