Analysis
  max time kernel: 291s
  max time network: 40s
  platform: windows10-1703_x64
  resource: win10-20231215-en
  resource tags: arch:x64, arch:x86, image:win10-20231215-en, locale:en-us, os:windows10-1703-x64, system
  submitted: 01-01-2024 20:34
Behavioral task: behavioral1
  Sample: Pink_Triangle_song_-_Wikipedia.pdf
  Resource: win10-20231215-en (windows10-1703-x64)
  5 signatures
  300 seconds
General
  Target: Pink_Triangle_song_-_Wikipedia.pdf
  Size: 149KB
  MD5: eb867a69a193967dab68c55e09d7b681
  SHA1: 34e1c9c8c9d30c467d7122cd5a6907e7038f6e7b
  SHA256: 17e1ad5da1e065a0984baa70b224d3460c9c2e23a10f584e9e4534f5122531e4
  SHA512: 6625a5739cda2c36cea1cf95b6364daee9b27c85cb436c31573e4add6bc8cd8a1ea901bb0362d2a8e2189a5753c16001831cb22fe8aac1b6d8c69279354148d2
  SSDEEP: 3072:V5ewTO5OEGHd0zTL1fGLiZ6ACbP6ybP4ZXc1jYUMPqSNPGAqbK:iwKgHdEL1+GuP6At6JeB2
  Score: 1/10
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0        AcroRd32.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz   AcroRd32.exe

Modifies Internet Explorer settings
  description   ioc                                                                                                                                     Process
  Key created   \REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
  pid    Process
  4596   AcroRd32.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
  pid    Process
  4596   AcroRd32.exe
  4596   AcroRd32.exe
  4596   AcroRd32.exe
  4596   AcroRd32.exe

Suspicious use of WriteProcessMemory (64 IoCs)
The 64 entries are repetitions of the following three rows (parent PID writing into a child it spawned):
  description                       pid    Process        procid_target
  PID 4596 wrote to memory of 2180  4596   AcroRd32.exe   73
  PID 2180 wrote to memory of 2804  2180   RdrCEF.exe     75
  PID 2180 wrote to memory of 4584  2180   RdrCEF.exe     74
Processes

AcroRd32.exe (PID: 4596)
  Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Pink_Triangle_song_-_Wikipedia.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  RdrCEF.exe (PID: 2180), child of 4596
    Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    RdrCEF.exe (PID: 4584), child of 2180, renderer
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F3AC81BCD5C3F35CB0F806CEE082F163 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F3AC81BCD5C3F35CB0F806CEE082F163 --renderer-client-id=2 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe (PID: 2804), child of 2180, gpu-process
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=42D17855AD5D8B46854D38EEF8EB9E84 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 1668), child of 2180, renderer
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4B5D71BF505D0A573123269B450EEF4E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4B5D71BF505D0A573123269B450EEF4E --renderer-client-id=4 --mojo-platform-channel-handle=2232 --allow-no-sandbox-job /prefetch:1

    RdrCEF.exe (PID: 3252), child of 2180, gpu-process
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23D021CB678AC0FAF3CA7B7CBD8642FB --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 5024), child of 2180, gpu-process
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=533DE6443E7B813E26603537C5F0155F --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    RdrCEF.exe (PID: 4984), child of 2180, gpu-process
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=27DCAD7F9BE7A59B1718C68660FC1F21 --mojo-platform-channel-handle=2612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2