Analysis
- max time kernel: 184s
- max time network: 194s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 12:33
Static task: static1
Behavioral task: behavioral1
- Sample: PDF.exe
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: PDF.exe
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: PDF.exe
- Size: 259KB
- MD5: c664e5778bd251d8649c4369bf3ca0ef
- SHA1: 813876c89a9375d853a9fdc43acde7b76d97377c
- SHA256: f6028e213b27ed3153e3ff224f40fdc35a053c1d9a3cb795eed8211ecfca26d9
- SHA512: 492758e5f6b6c2049bdabfe6c928e1a22329c78387da98a25952036001c81a23b7af81e1be4e8a941c10adfba6fef3a55292b9dd3aabfd625521de2a50d3d8ba
- Score: 6/10
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes: PDF.exe
  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B = "\"C:\\Users\\Admin\\B.exe\""
  process: PDF.exe
- Suspicious behavior: EnumeratesProcesses (19 IoCs)
  Processes: PDF.exe
  pid / process: 3800 PDF.exe (19 entries, all with the same pid and process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: PDF.exe
  description: Token: SeDebugPrivilege
  pid / process: 3800 PDF.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/3800-130-0x0000000000B10000-0x0000000000B58000-memory.dmp (Filesize: 288KB)
- memory/3800-131-0x0000000005A30000-0x0000000005FD4000-memory.dmp (Filesize: 5.6MB)
- memory/3800-132-0x0000000005520000-0x00000000055B2000-memory.dmp (Filesize: 584KB)
- memory/3800-133-0x00000000055C0000-0x00000000055CA000-memory.dmp (Filesize: 40KB)
- memory/3800-134-0x0000000005820000-0x00000000058BC000-memory.dmp (Filesize: 624KB)
- memory/3800-135-0x0000000005FE0000-0x0000000006046000-memory.dmp (Filesize: 408KB)