Analysis
- max time kernel: 146s
- max time network: 150s
- platform: windows10_x64
- resource: win10-en-20211104
- submitted: 08-11-2021 19:13
Behavioral task: behavioral1
- Sample: Η λέμβος απεσπάσθη, και υπό τ ην ώθησιν των τεσσά ρων �.pdf
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: Η λέμβος απεσπάσθη, και υπό τ ην ώθησιν των τεσσά ρων �.pdf
- Resource: win10-en-20211104
General
- Target: Η λέμβος απεσπάσθη, και υπό τ ην ώθησιν των τεσσά ρων �.pdf
- Size: 199KB
- MD5: b6f40dbe99fdc9afd0659c208afab925
- SHA1: dc741150a1148eb7f3d700fabc16ff74a972b0c0
- SHA256: b2268376d95247e6c9c83c2a8316e730228e3d7b5f2a03bf26a39bfd1969f6d8
- SHA512: 8ef52cfd1c4e3f0f411ed82b96e671c55d801ed9705d1c87f476e39c8ce2a2feb52f464392a63f7d318a94b4912c6e2cc49831b6e13440b27dcd8f43c3ec46ca
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes (description / ioc / process):
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
- Modifies Internet Explorer settings
Processes (description / ioc / process):
  Key created: \REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
Processes (pid / process):
  4024 AcroRd32.exe (20 entries)
- Suspicious use of FindShellTrayWindow (1 IoC)
Processes (pid / process):
  4024 AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
Processes (pid / process):
  4024 AcroRd32.exe (6 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description / pid / process / target process), 64 entries in total; the first three are PID 4024 writing to 4260, the remaining entries are PID 4260 writing to 4380 and then to 732, each repeated many times:
  PID 4024 wrote to memory of 4260: 4024 AcroRd32.exe -> RdrCEF.exe (3 entries)
  PID 4260 wrote to memory of 4380: 4260 RdrCEF.exe -> RdrCEF.exe (repeated)
  PID 4260 wrote to memory of 732: 4260 RdrCEF.exe -> RdrCEF.exe (repeated)
Processes (process tree; indentation shows parent/child depth)
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Η λέμβος απεσπάσθη, και υπό τ ην ώθησιν των τεσσά ρων �.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DF7E33D5DD3F733212E10656C968B09A --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9010E95C23EE2EC123C19957AC1E1A5C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9010E95C23EE2EC123C19957AC1E1A5C --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CD5C19A9351A110DB17EFAFA37B0D027 --mojo-platform-channel-handle=2216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3177307CC6D81BE528A7360869F9FF96 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F943BCD3D929D27AAB52FC0A2ED20F8E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F943BCD3D929D27AAB52FC0A2ED20F8E --renderer-client-id=6 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7A9038C827B8937A73338A7B2571281 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads (memory dumps)
- memory/732-124-0x0000000000A2C000-0x0000000000A2D000-memory.dmp (Filesize: 4KB)
- memory/732-128-0x0000000000B20000-0x0000000000B21000-memory.dmp (Filesize: 4KB)
- memory/732-127-0x0000000000B10000-0x0000000000B11000-memory.dmp (Filesize: 4KB)
- memory/732-125-0x0000000000000000-mapping.dmp
- memory/732-123-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/1008-135-0x0000000000000000-mapping.dmp
- memory/1008-133-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/1008-134-0x000000000081F000-0x0000000000820000-memory.dmp (Filesize: 4KB)
- memory/1388-139-0x0000000000000000-mapping.dmp
- memory/1388-138-0x000000000105E000-0x000000000105F000-memory.dmp (Filesize: 4KB)
- memory/1388-137-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/1488-143-0x00000000007A3000-0x00000000007A4000-memory.dmp (Filesize: 4KB)
- memory/1488-145-0x0000000000000000-mapping.dmp
- memory/1488-142-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/4192-129-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/4192-130-0x00000000009A5000-0x00000000009A6000-memory.dmp (Filesize: 4KB)
- memory/4192-131-0x0000000000000000-mapping.dmp
- memory/4260-118-0x0000000000000000-mapping.dmp
- memory/4380-119-0x0000000077D62000-0x0000000077D63000-memory.dmp (Filesize: 4KB)
- memory/4380-121-0x0000000000000000-mapping.dmp
- memory/4380-122-0x0000000000080000-0x0000000000081000-memory.dmp (Filesize: 4KB)
- memory/4380-120-0x00000000005F2000-0x00000000005F3000-memory.dmp (Filesize: 4KB)