Analysis
-
max time kernel
1198s -
max time network
1229s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
16-05-2022 12:01
Static task
static1
Behavioral task
behavioral1
Sample
AcroRdrDC2200120117_en_US.exe
Resource
win10v2004-20220414-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
AcroRdrDC2200120117_en_US.exe
-
Size
224.5MB
-
MD5
af268abc3885cdccb48b2c7dde9be143
-
SHA1
97297d264f0f1e0a865dfeba8bdcc3396bc37aaa
-
SHA256
d1c2f3167c2d4cf075690789753c2680a6196decfcb4b6bfe30335655abcf6cc
-
SHA512
6b2ce83ada107a77100c34d7bf62b90c0a77975d7085d07e7699f4ad0c1688129468e4e4f6f52603d29c0de12889aad71a39d1a07db8270a05cddbaedc1dda96
Score
5/10
Malware Config
Signatures
-
Drops file in System32 directory 2 IoCs
Processes:
svchost.exedescription ioc process File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8FC8949D-CD4C-40C2-BAC0-EEDD104F2171}.catalogItem svchost.exe File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{1CE8B6C3-9E84-4029-8589-95349B11B689}.catalogItem svchost.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
svchost.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString svchost.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz svchost.exe -
Enumerates system info in registry 2 TTPs 2 IoCs
Processes:
svchost.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU svchost.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS svchost.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
AcroRdrDC2200120117_en_US.exepid process 4748 AcroRdrDC2200120117_en_US.exe 4748 AcroRdrDC2200120117_en_US.exe 4748 AcroRdrDC2200120117_en_US.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\AcroRdrDC2200120117_en_US.exe"C:\Users\Admin\AppData\Local\Temp\AcroRdrDC2200120117_en_US.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry