1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e

General

Target

AcroRdrDCx642300120064_en_US (1).exe
Size

331.8MB
MD5

9c55e172c303167f802900adbfa8ffa1
SHA1

029212f3f5415a108be943c15e1343718e6c77dc
SHA256

1e6d872b3023308f1dfaed643c7174542523edcc0d61429b9ecf06be884dc45e
SHA512

fd419f8151084ee59cd881e71ff4c1baf8a029a9cc2f5f27abfa7f4538e22c52bf24e25b7adfeeb0be4d15839a34c26ada7d6d1baef97a483bcc2ff80b87e838
SSDEEP

6291456:nzwRUHohZ0VHvxI0/r8tHocbZRpwAGVJcSyUOD5xtxz9TeDjnHQZA07B8:VohZTtofA6wDj/z9SeT8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
560	setup.exe
1248	Process not Found

Loads dropped DLL 2 IoCs

pid	Process
1056	AcroRdrDCx642300120064_en_US (1).exe
1248	Process not Found

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\4177.txt	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\Core.cab	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\Core.cab	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\abcpy.ini	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\abcpy.ini	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.ini	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\AcroPro.msi	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.ini	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\AcroRdrDCx64Upd2300120064.msp	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\AcroRdrDCx64Upd2300120064.msp	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\AcroPro.msi	AcroRdrDCx642300120064_en_US (1).exe
File opened for modification	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe	AcroRdrDCx642300120064_en_US (1).exe
File created	C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\WindowsInstaller-KB893803-v2-x86.exe	AcroRdrDCx642300120064_en_US (1).exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1056	AcroRdrDCx642300120064_en_US (1).exe
1056	AcroRdrDCx642300120064_en_US (1).exe
1056	AcroRdrDCx642300120064_en_US (1).exe
560	setup.exe
560	setup.exe
560	setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 560	1056	AcroRdrDCx642300120064_en_US (1).exe	28
PID 1056 wrote to memory of 560	1056	AcroRdrDCx642300120064_en_US (1).exe	28
PID 1056 wrote to memory of 560	1056	AcroRdrDCx642300120064_en_US (1).exe	28
PID 1056 wrote to memory of 560	1056	AcroRdrDCx642300120064_en_US (1).exe	28

C:\Users\Admin\AppData\Local\Temp\AcroRdrDCx642300120064_en_US (1).exe
"C:\Users\Admin\AppData\Local\Temp\AcroRdrDCx642300120064_en_US (1).exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe
  "C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe" /msi DISABLE_CACHE=1
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe

Filesize
627KB

MD5
090f1822610c58e493d6bd8f915aa761

SHA1
41e79831737d306fa7b4fbd2169bcfdd5a32d4e8

SHA256
26001d6af714fcae74af8ecbee993d017e0005b1a5ae0cc7213963d882d279f6

SHA512
1f01e79b9b6bf477a9cfc6ecbe9488c1d5ead7f4e942d81230c6a67b7c9779441fe319ba246db06592c176abb3eac5b0660b3c719ef26f27f9b81e42bb06b6f0

Download Submit
C:\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.ini

Filesize
369B

MD5
93c909598b25a7aee5cca2eb13617344

SHA1
cfafbbb64ca5b7b84266da424538cc1ae4635197

SHA256
9a2697c7f6e57b3e6df77b89f43b161395087316ed197a29ee56a3dc714538d0

SHA512
0b8803ee147c5f945bdc5580501e97d267496e1679459371b24f46f74fdc19a2978b11a1689f2b84b5727525a6069ed78c0525778f04fa704c2b0e0ee6a2810d

Download Submit
C:\ProgramData\Adobe\Temp\19318\config.bin

Filesize
3KB

MD5
d0c49f817a425096b7d31969b83b4ed4

SHA1
657f941b4cb00521c479ee09e1f0db2890fa3ba3

SHA256
22c956b57cd0c7e15bae3d09ab2506532400e56a740f89cc13e0da08ea1b73be

SHA512
b56f02a8684102a3bfb8313f938f7f0ce1c8656629a670f0ca589ac4caaa82f2a91c0bdfafbff0e6ba6c196f94163f24a2047762719872b01a6a0137545482f8

Download Submit
\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe

Filesize
627KB

MD5
090f1822610c58e493d6bd8f915aa761

SHA1
41e79831737d306fa7b4fbd2169bcfdd5a32d4e8

SHA256
26001d6af714fcae74af8ecbee993d017e0005b1a5ae0cc7213963d882d279f6

SHA512
1f01e79b9b6bf477a9cfc6ecbe9488c1d5ead7f4e942d81230c6a67b7c9779441fe319ba246db06592c176abb3eac5b0660b3c719ef26f27f9b81e42bb06b6f0

Download Submit
\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe

Filesize
627KB

MD5
090f1822610c58e493d6bd8f915aa761

SHA1
41e79831737d306fa7b4fbd2169bcfdd5a32d4e8

SHA256
26001d6af714fcae74af8ecbee993d017e0005b1a5ae0cc7213963d882d279f6

SHA512
1f01e79b9b6bf477a9cfc6ecbe9488c1d5ead7f4e942d81230c6a67b7c9779441fe319ba246db06592c176abb3eac5b0660b3c719ef26f27f9b81e42bb06b6f0

Download Submit
\Program Files\Common Files\Adobe\Acrobat\Setup\{AC76BA86-1033-1033-7760-BC15014EA700}\setup.exe

Filesize
627KB

MD5
090f1822610c58e493d6bd8f915aa761

SHA1
41e79831737d306fa7b4fbd2169bcfdd5a32d4e8

SHA256
26001d6af714fcae74af8ecbee993d017e0005b1a5ae0cc7213963d882d279f6

SHA512
1f01e79b9b6bf477a9cfc6ecbe9488c1d5ead7f4e942d81230c6a67b7c9779441fe319ba246db06592c176abb3eac5b0660b3c719ef26f27f9b81e42bb06b6f0

Download Submit

Analysis

Sharing