Analysis

  • max time kernel
    52s
  • max time network
    73s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    01-04-2022 03:15

General

  • Target

    Ariba Network_KR (Agent).pdf

  • Size

    884KB

  • MD5

    0fef7495ef19c7270c708bd75b9803ce

  • SHA1

    9a425bdfce7bc078fdb2a21a4ddce82765be8ea0

  • SHA256

    aa6a53248827897dcbc0e4c56e4e471294fb8d16bb70850cc15357cad6cfb147

  • SHA512

    85f18c9094b6d2dfa2bf91ac588ed7c5164a6ffe51bcab69fe4d62f57527ca0e2b7163c9e8e12e282eb96b9562e3ee718f502bff84b8aa621ec3c04a0cc2699b

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ariba Network_KR (Agent).pdf"
    • Checks processor information in registry
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:860

Network

MITRE ATT&CK Enterprise v6
