Overview

overview

8

Static

static

acrord32.dll

windows7_x64

8

acrord32.dll

windows10_x64

8

Analysis

  • max time kernel
    142s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    12-07-2020 08:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    acrord32.dll

  • Size

    360KB

  • MD5

    f888bb77af9018a617b8a74d739ac29f

  • SHA1

    68f9fc2139713cd3913a443f67f24f8ce028c8d2

  • SHA256

    1f4c6010859130ce9df006aa169ce1840624de8da5fee845f209c2a7d6b606a8

  • SHA512

    c71fb42538ee406c3834f73fb664cd7f8213ef4a0df66c2380a1b70f5ef2a76399ca3835fea1105b1c20fa8f1a717b358fec0cb755a99a34c7e9d086145bce81

Score
8/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 15 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Blacklisted process makes network request 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\acrord32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\acrord32.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      • Blacklisted process makes network request
      PID:836
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\DOC000(54).pdf"
        3⤵
        • Suspicious use of SetWindowsHookEx
        • Suspicious behavior: GetForegroundWindowSpam
        PID:1596
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 992
        3⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:1836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DOC000(54).pdf
    Download Submit
  • memory/836-9-0x0000000000000000-mapping.dmp
    Download
  • memory/836-8-0x0000000000000000-mapping.dmp
    Download
  • memory/836-13-0x0000000000000000-mapping.dmp
    Download
  • memory/836-12-0x0000000000000000-mapping.dmp
    Download
  • memory/836-5-0x0000000000000000-mapping.dmp
    Download
  • memory/836-6-0x0000000000000000-mapping.dmp
    Download
  • memory/836-7-0x0000000000000000-mapping.dmp
    Download
  • memory/836-11-0x0000000000000000-mapping.dmp
    Download
  • memory/836-0-0x0000000000000000-mapping.dmp
    Download
  • memory/836-10-0x0000000000000000-mapping.dmp
    Download
  • memory/1596-1-0x0000000000000000-mapping.dmp
    Download
  • memory/1836-4-0x00000000022F0000-0x0000000002301000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1836-3-0x0000000000000000-mapping.dmp
    Download
  • memory/1836-14-0x00000000029C0000-0x00000000029D1000-memory.dmp
    Filesize

    68KB

    Download