053fed8ca5bd38df3e1ee82727d5a1e9539f36be949f7d29e0f160bfbe65bbad

Resubmissions

20/07/2023, 06:42

230720-hgvhssdg5w 3

Analysis

max time kernel
591s
max time network
521s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 06:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

European Sustainable Plastics Summit 2023.pdf
Size

616KB
MD5

1381a094fef6d16adcf387ec3ea7542b
SHA1

eb48500a1e9d42b3596b1f7cc4eaef6e973343cb
SHA256

053fed8ca5bd38df3e1ee82727d5a1e9539f36be949f7d29e0f160bfbe65bbad
SHA512

fb2e942943b26dedf85ce070b83767f98e5fad83d2219495636421bc7d0cb9a5211915390ab6526d9c0986a479ae9fbb8ef08d0fb9b7a68719a26c9bbd852b94
SSDEEP

12288:6D4FBh/N5R5bj5WFBH3ZhR/0lTu/7e8j93McwX:68trRR5iZhR/0lEBWcwX

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
712	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
712	AcroRd32.exe
712	AcroRd32.exe
712	AcroRd32.exe
712	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 4196	712	AcroRd32.exe	91
PID 712 wrote to memory of 4196	712	AcroRd32.exe	91
PID 712 wrote to memory of 4196	712	AcroRd32.exe	91
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 3972	4196	RdrCEF.exe	93
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94
PID 4196 wrote to memory of 4100	4196	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\European Sustainable Plastics Summit 2023.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:712
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4196
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C6B63C46A31C96D2EBA9C59FBE903D2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3972
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FA8200B69277C136F044C7C9BC9F0D2A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FA8200B69277C136F044C7C9BC9F0D2A --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29DDD291BE479B79BF028ECE9968A605 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1A5633D0327B73C8E4F294630E98DE97 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1A5633D0327B73C8E4F294630E98DE97 --renderer-client-id=5 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4636
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18EF95544D115BDC890FDC6710ABC3A7 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1820
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9EDD0B6735CF42EBF6213E51E5D36A7C --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5e2483d03e2c854d755375a684769bfd

SHA1
9b46be35e76a1c4a390d00040d69666e28cb8eac

SHA256
0f17e84b5e6e5a2a6a60bc36a5592a0edb95e9b693153ef2fe9d4b571b0347af

SHA512
d4d76be1943b5fbcafce4686b6dbf9a0d8a2c4b5dbc2145d58124c1965ce1e9c7262c2fa266d75c9d420b42a84c37c3e730dbeaca78d452991b5bdb253b93d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
72bc74a644ec3525782034360b624555

SHA1
ab6482cef418f39696ddb3acd194b70157a5aa70

SHA256
07160abac8397607882f63f8090af8c00b3ffb6fd40561fd7bd7d95936502bb3

SHA512
50a67ad09353cf4c1f090bec07272873611cc97a6591790833cad32fee3f1d22f4ca0f618be11dda7627f8c984cc17ba649fc973585fc3959175d825011304f9

Download Submit