Overview

overview

3

Static

static

3

4c059ac224...9d.pdf

windows7_x64

1

4c059ac224...9d.pdf

windows10-2004_x64

1

Analysis

  • max time kernel
    161s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    10-03-2022 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c059ac22437b2a8591bffa10d67807c2d78c327d9501701aaef185a306c269d.pdf

  • Size

    44KB

  • MD5

    02b1a9d3e05ccc1a82a1b6522fe5b104

  • SHA1

    a184fd5b300e1ab6bc44cb1bdccf01248f131107

  • SHA256

    4c059ac22437b2a8591bffa10d67807c2d78c327d9501701aaef185a306c269d

  • SHA512

    d0dc1c3e8606ad78dfceb20de3663830e73e093bef06d5d04855341189a5d5afd0378bd65a29626ddd66bb6cf1395902b78f4fbc3576fa6d662ba62becc29a90

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4c059ac22437b2a8591bffa10d67807c2d78c327d9501701aaef185a306c269d.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4056
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
        PID:3472
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        2⤵
          PID:2208
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          2⤵
            PID:2316
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
            2⤵
              PID:2472
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
              2⤵
                PID:1180

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Privilege Escalation

            Defense Evasion

            Modify Registry

            1
            T1112

            Credential Access

            Discovery

            Query Registry

            1
            T1012

            System Information Discovery

            1
            T1082

            Lateral Movement

            Collection

            Exfiltration

            Command and Control

            Impact

            Replay Monitor

            Loading Replay Monitor...

            Downloads