82954912021ba9e19431e4d1d84199bd63d1d42936fa487944bea114bf6f52d0

Analysis

max time kernel
221s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2b70f93ae8626f288baa8cb9f91280e5.pdf
Size

33KB
MD5

2b70f93ae8626f288baa8cb9f91280e5
SHA1

b712c51edfb696baf73383ef85d1fad702c29b22
SHA256

82954912021ba9e19431e4d1d84199bd63d1d42936fa487944bea114bf6f52d0
SHA512

6148ba4f86002e147707d9a8cb1fae829f1edfc9f2dae242587f18394620a57934c2528bf91d5a4efd0a3fa78c387d09dbf72408ccffbb95e9c456491b739545
SSDEEP

768:3JoeAN+oivfDShBHYKqIKxyTn4Fq7AQDi5y3a33SikxQO/8:5d3oiOYKqIkS4mAiT/DxQOk

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4076	3432	WerFault.exe	86

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3432	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3432	AcroRd32.exe
3432	AcroRd32.exe
3432	AcroRd32.exe
3432	AcroRd32.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2b70f93ae8626f288baa8cb9f91280e5.pdf"
1⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 668
  2⤵
  - Program crash
  PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3432 -ip 3432
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads