efbf0b4b221e47d77c8fedcb48ae32800ef85cd092566afab6c2558106c1cc87

Analysis

max time kernel
66s
max time network
65s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
29/06/2023, 10:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Apliecība.pdf
Size

66KB
MD5

0dafe2c8b250bf40137d4f32a584e203
SHA1

aaa20ba9e92b2b5570914440c5a1b5ce7a8acb30
SHA256

efbf0b4b221e47d77c8fedcb48ae32800ef85cd092566afab6c2558106c1cc87
SHA512

20683092f5b13a7b0e66ae1027c92966d8522b14c40b001ae2d373e30a70062e5c5f9c9b1a1f133bbc476a16233d9cf047a2ecbf271549e5ed112be6044c78c7
SSDEEP

1536:iptrva6QFuwmeZ+5qOdqeWchs8AmRCzizF8:UtrC6zwjM4BeWeshmReizF8

Score

1^/10

Malware Config

Signatures

Modifies registry class 31 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_FolderType = "{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1092616193"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy\TV_TopViewVersion = "0"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_Classes\Local Settings	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1306246566-3334493410-3785284834-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1704	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1704	AcroRd32.exe
1704	AcroRd32.exe
1704	AcroRd32.exe
1704	AcroRd32.exe
1704	AcroRd32.exe
1704	AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Apliecība.pdf"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
61b759539e8dcd4405904f4a9588f40f

SHA1
67316a9ab889efe3425cd871f3c38306d56e1ecc

SHA256
97a3c33f45a091c683bc8b585399f62099f14a87d00c31a1602acd59e5e0ca70

SHA512
a2b9663657f5dc939dc2c033a6cdc09e06342ddbf93a868d6ce610542faa737b6af21406166399c100a00f98945d13c9488af73271326339de677f13d1efe8dd

Download Submit
memory/1704-71-0x00000000020E0000-0x00000000020E2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads