Analysis
-
max time kernel
162s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220112 -
submitted
09-03-2022 12:13
General
-
Target
97b48f4fd6ac3dd91175ca1e40fdf764add99eb2c0f0cff375874a807c4f9005.pdf
-
Size
298KB
-
MD5
f2d8f1770dc64f374170bfe39b46cde7
-
SHA1
e47160699535139b38c2d92de3f0276a4b234286
-
SHA256
97b48f4fd6ac3dd91175ca1e40fdf764add99eb2c0f0cff375874a807c4f9005
-
SHA512
72fcc61630aff55616ee750e69d465949645aa7b0afa176db7eccd55be23add9d77e80c0e14743f0bf1914de32bb3009d2776aa8ca69f3e8f49ad12ff430cce3
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\97b48f4fd6ac3dd91175ca1e40fdf764add99eb2c0f0cff375874a807c4f9005.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵