Analysis
max time kernel: 123s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-10-2022 14:32
Behavioral task: behavioral1
Sample: 5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf
Resource: win10v2004-20220812-en
General
Target: 5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf
Size: 2.8MB
MD5: c1f82bef96bf5376f4adc7459d090c54
SHA1: aad044a710cfe2fb0d09f711a607413a612bb153
SHA256: 5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904
SHA512: 7ed66d081fece954d1ebe31e4799fdb401db8fdb85bea903d2e9da472d4503f09e73ea808bdbd491c0ac282b877f688341ef1e0ee92a810e9d65f187a8a423f7
SSDEEP: 49152:17E2e+WraypVsSLgLBHv21CambvSbSPMxya9fQ6zxk9kdlKdlQHUBx:142/WraypcHvkCRIS0xxyExk9OKLOa
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
description         ioc                                                                   process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0      AcroRd32.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
pid    process
3504   AcroRd32.exe
3504   AcroRd32.exe
3504   AcroRd32.exe
3504   AcroRd32.exe
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5b5fbe85bd6e4769415df4e1bbff0260f974bbc1839d54d2b24699d247725904.pdf"
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx