Analysis

  • max time kernel
    90s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2022 05:04

General

  • Target

    977eca1cc5c68296262b8620a3277ca60babdfc18075c02b6ca7540ff8fc7790.pdf

  • Size

    1.5MB

  • MD5

    f55393d92bde85d040ec76144a01de83

  • SHA1

    a5bcb49aacaea4d8e1f9221eb7fb4aa1e25a953b

  • SHA256

    977eca1cc5c68296262b8620a3277ca60babdfc18075c02b6ca7540ff8fc7790

  • SHA512

    c85401d2321fd3eeed1a422bcc7b57a8fe1d0132d0f4b0967c4277605a78cb07929cbbbc3e49695d105e4af53e604393bac7cd480c9761bec5662eabf0931326

  • SSDEEP

    24576:dkibi959F85tOZBfCfcp7dLl7xk6KOWDL0AwQ68zPICUABwHf3Yg10f7ANRf:dhi7CUfWcphllk6KOW/0c6jCfBEf3gsf

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\977eca1cc5c68296262b8620a3277ca60babdfc18075c02b6ca7540ff8fc7790.pdf"
    1⤵
    • Checks processor information in registry
    • Suspicious use of SetWindowsHookEx
    PID:1500

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    • Query Registry (1) T1012
    • System Information Discovery (1) T1082
