326158155b9515ad1e6ff052b12a248c1dd3658afe5e6cf16d2ff2eb1738dda5

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2023 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

var www html kemhan/wp-content/uploads/Komponen_Dasar_Elektronika.pdf
Size

848KB
MD5

fb406da71c9b33210c67dd81e09b7cd6
SHA1

166fedde7e90497299037405131448b5f1827326
SHA256

36bd45527bdb2c2874012235caa3cd4be2f0e5976fa8f60b4ae2b0fc8b7d3f4b
SHA512

5e339baadb933cb0c66978f5895f33cb3ed297742605d12b471834b66930c72cb9e7408262381e9ff399cf1f395f32f322d1f66020138b407a872d8005491125
SSDEEP

24576:BecH800zHkhlU9054gHCQneTvtRWTJp2Xj1:BZHF0jkheE4P4e7DWdgz1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4572 AcroRd32.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

AcroRd32.exe

pid process

4572 AcroRd32.exe
4572 AcroRd32.exe
4572 AcroRd32.exe
4572 AcroRd32.exe
4572 AcroRd32.exe

pid	process
4572	AcroRd32.exe

pid	process
4572	AcroRd32.exe
4572	AcroRd32.exe
4572	AcroRd32.exe
4572	AcroRd32.exe
4572	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4572 wrote to memory of 764	4572	AcroRd32.exe	RdrCEF.exe
PID 4572 wrote to memory of 764	4572	AcroRd32.exe	RdrCEF.exe
PID 4572 wrote to memory of 764	4572	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4280	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe
PID 764 wrote to memory of 4612	764	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\uploads\Komponen_Dasar_Elektronika.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46D8FC334CFA80D1096DC3700D506BED --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4280

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3CD1269D5F530BFD454570B272D90D84 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3CD1269D5F530BFD454570B272D90D84 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4612

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7E55613A043BF311855540D51C74C595 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2552

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A1DE84ADE0C9A1330BE775E839962CA4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A1DE84ADE0C9A1330BE775E839962CA4 --renderer-client-id=5 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1456

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2DB376C2D76EBCCF98761716E80DCBB --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4972

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=50E02862DFB67BD86BDAB4B2C766B2E7 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e7747ad9f4929821f11c5edaf00c6938

SHA1
8544a84e2d10ce6510069fa7740122dd3be4dc1f

SHA256
fb578e5997c21c2a3c12226fb482f54938b364582cbd7b5f31222b2c4e319941

SHA512
1dd3c2fcb96dc5d6e9029dbe22369dfba59f69a925952910e06d46ce52452547c2046e9045a4144ba06461a4cbf505b2759f4ec12f5e46be993313259834c967

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
fd9c0a902a22023900c00775a0073857

SHA1
4406a4ce59a247610618982f916018828f0c1099

SHA256
2a81998eacef03552e14195a730f0c7e17b0fb48f9192d6eb07fc1a3c7c2fa46

SHA512
4fed7dc402242d977408b2dcef50f799b27c5bfce86ac9e3499bffd3dd4c056335b739811c0ac81ab4449483f6f95c3cb5240c257ee6382f107f3490e4e1cad9

Download Submit
memory/4572-162-0x000000000AE10000-0x000000000AE31000-memory.dmp

Filesize
132KB

Download