Analysis
- max time kernel: 161s
- max time network: 178s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 02-02-2022 07:59

Behavioral task: behavioral1
- Sample: 6120dd48f54bcf8321d40d34430836317e32d5f5566489195c2f5c44d59db304.pdf
- Resource: win10-en-20211208
- 0 signatures
- 0 seconds
General
- Target: 6120dd48f54bcf8321d40d34430836317e32d5f5566489195c2f5c44d59db304.pdf
- Size: 15KB
- MD5: 53a083bcd4b8aa1defc95377e0dd3a10
- SHA1: 58ad3f42fb8fb7a5fc9a5670520e4430e2dbecc4
- SHA256: 6120dd48f54bcf8321d40d34430836317e32d5f5566489195c2f5c44d59db304
- SHA512: bffdaeaa74087906db37305021a6fda3bbf2205f75107c2ac15952f43dca6867f2f15322bd51649a4fbcaea99c4ab4975eabb51efc155cac24c36484e7fcb01c
- Score: 1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
    description         ioc                                                                        process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0           AcroRd32.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz      AcroRd32.exe
- Modifies Internet Explorer settings
  Processes:
    description   ioc                                                                                                                                      process
    Key created   \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes:
    pid    process
    3780   AcroRd32.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes:
    pid    process
    3780   AcroRd32.exe   (reported 5 times)
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes:
    description                        pid    process        target process
    PID 3780 wrote to memory of 3936   3780   AcroRd32.exe   RdrCEF.exe   (reported 3 times)
    PID 3780 wrote to memory of 352    3780   AcroRd32.exe   RdrCEF.exe   (reported 3 times)
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6120dd48f54bcf8321d40d34430836317e32d5f5566489195c2f5c44d59db304.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043