Analysis
- max time kernel: 94s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-07-2024 07:52
Behavioral task: behavioral1
- Sample: 1a80c402acbeaf5f5cc64fdd2be1fddd_JaffaCakes118.pdf
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 1a80c402acbeaf5f5cc64fdd2be1fddd_JaffaCakes118.pdf
- Resource: win10v2004-20240508-en
General
- Target: 1a80c402acbeaf5f5cc64fdd2be1fddd_JaffaCakes118.pdf
- Size: 87KB
- MD5: 1a80c402acbeaf5f5cc64fdd2be1fddd
- SHA1: b209f56e807ce8fae79b9c2a95415ffb883b61d2
- SHA256: 017859fc994e75a7de1a76ae8fdcb5d311e9e28836fd709d226877e13dc32b00
- SHA512: 4648887e7a79a54fc23058c2dc626d8562eca0372ec79be796e3bec32d45000147a4d9e753ee11891aeeb50b673ce5c8f4d2fef9027d76c3303ca525304a6295
- SSDEEP: 1536:Zeuu0D0gphilP1Anh7juN4jj1gRR5a0BWcAX2ohjlbvnhICQWE+MADTphUJgRWX1:0tmjUdAn9iN4jjCRRBwNxvhICM+MqLyt
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)

Modifies Internet Explorer settings
Processes: AcroRd32.exe
- Key created: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)

Suspicious use of FindShellTrayWindow (1 IoC)
Processes: AcroRd32.exe
- PID 4628 AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: AcroRd32.exe
- PID 4628 AcroRd32.exe (4 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
Distinct source -> target pairs (64 entries in total; identical rows collapsed):
- PID 4628 AcroRd32.exe wrote to memory of PID 620 RdrCEF.exe
- PID 620 RdrCEF.exe wrote to memory of PID 1532 RdrCEF.exe
- PID 620 RdrCEF.exe wrote to memory of PID 2636 RdrCEF.exe
Processes
Process tree (indentation shows the parent/child depth recorded by the sandbox):

[depth 1] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1a80c402acbeaf5f5cc64fdd2be1fddd_JaffaCakes118.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  [depth 2] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0485F56B0FD32966D92F66502E1715F7 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E830973ABFDAD24AE8AE3F126DB6A8A3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E830973ABFDAD24AE8AE3F126DB6A8A3 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4858310266CED97B0F087A1F0B47ED1B --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46E874847DFE50AEFB49A75A0A20F09B --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5B5FBFD6FBF0DCF743A23435E0A36B9B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5B5FBFD6FBF0DCF743A23435E0A36B9B --renderer-client-id=6 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1

    [depth 3] "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF58CA5C730BB204FBC21E7FDF1D4D32 --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

[depth 1] C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 2fe22191f6593362b7a454792871be5c
  SHA1: 1d626d9b80f0bd7f8ae4257d235892ce4574a7ac
  SHA256: 2bb303d612cea8155e8f17ceff6ca9f546d0b358aaace6003d35907dd09f651c
  SHA512: 617cbbe81c3a4761e7ec8de61309a0aa2a5c52fdf315746b7d7e9795803508b9e0d77c0cf105e018654b46adcd78127f4c48247de9beaf4c46f96cb142b98918
- C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 399ce09f5bfdee4f4e2733c2695cafed
  SHA1: e03469aa5f0ccd8bbed9319828f45f855fd77509
  SHA256: d5d63f80f8f4d52ddee7c616c4e4b8f9b98f63fc07624fa5bfdf07a618af311f
  SHA512: 5e8c80aae8596ecd94b20803b8a797927de32d5b92a83ac29e1f44f49f1d8098a349dc711333ef92bd9805fd2f20ff60c0ec70132009f4eced5e09361dccd4af