6d855933bcf3b00943a7b4b214ef3cf75435bba766ad5d03468f71ff8056b4f7

General

Target

Handbook for CTFers.pdf
Size

45.9MB
MD5

dce4c0016a80787727ebcdab463588a1
SHA1

6311dc059260108666a33ddb7f81a4adcdca3bc5
SHA256

6d855933bcf3b00943a7b4b214ef3cf75435bba766ad5d03468f71ff8056b4f7
SHA512

00c62ad8efd8ba641d497b84acc88232cde776e1c22ce5200b6fd932cace06eae02a2eb5ec562bda30757eb38fabdb0855b8b99820cb5c242ae4d229ddd47c59

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

AcroRd32.exe

pid process

2332 AcroRd32.exe
2332 AcroRd32.exe
2332 AcroRd32.exe
2332 AcroRd32.exe

pid	process
2332	AcroRd32.exe
2332	AcroRd32.exe
2332	AcroRd32.exe
2332	AcroRd32.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Handbook for CTFers.pdf"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-117-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-118-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-119-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-120-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-121-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-122-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-123-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-124-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-125-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-126-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-127-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-128-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-129-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-130-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-131-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-132-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-133-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-134-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-135-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-136-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-137-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-138-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-139-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-140-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-141-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-142-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-143-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-144-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-145-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-146-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-147-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-148-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-149-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-150-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-151-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-152-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-153-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-154-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-155-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-156-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-157-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-158-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-159-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-160-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-161-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-162-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-163-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-164-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-165-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-166-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-167-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-168-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-169-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-170-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-171-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-172-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-173-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-174-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-175-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-176-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-177-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-178-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-179-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download
memory/2332-180-0x00000000775B0000-0x000000007773E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing