Analysis
max time kernel: 51s
max time network: 152s
platform: windows10_x64
resource: win10-20220331-en
submitted: 12-04-2022 15:46
Behavioral task
behavioral1
Sample
CheckMyLink.pdf
Resource
win7-20220331-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
CheckMyLink.pdf
Resource
win10-20220331-en
0 signatures
0 seconds
General
Target: CheckMyLink.pdf
Size: 1.3MB
MD5: 617ec2c10f08237906e11297f4d70fdb
SHA1: defcf378ac7106631b678057d0c603f1b6bfcfb6
SHA256: 1d6489bfa6e3d4275531d44665bb1a83bc09b740f46f93a08f5bdeec2a44d1b7
SHA512: b77cfc03b9b9104b53ed81c590d9a701445fb80126bc0f2c63bdcada94bc30aefd9ded4889df78be98b8afb5c23ee38df4a8cb6b3294ce5fb5e45eab9fb12d12
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exe
description          ioc                                                                      process
Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0         AcroRd32.exe
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    AcroRd32.exe
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
AcroRd32.exe
pid     process
2664    AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
AcroRd32.exe
pid     process
2664    AcroRd32.exe
2664    AcroRd32.exe
2664    AcroRd32.exe
2664    AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CheckMyLink.pdf"
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx