Analysis
-
max time kernel
159s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
04/01/2024, 19:01
General
-
Target
41aa1be80027790a4800510338dbe835.pdf
-
Size
16KB
-
MD5
41aa1be80027790a4800510338dbe835
-
SHA1
8891ca5a72bd37e540104ef2cce06e4a5537de80
-
SHA256
e53561504bcaa7cc3490d76bd64767cb41b0cb3254bba6a1d564691466ab76ff
-
SHA512
2cc14aad32c3294ffa3e2027b92a9280d0fae82ef1b86c0fbd56df8b851c9016ceb605db41ee197d9458fe0027c0ed1e8d04953fb2dbd0fa271b8e7c8e4ab170
-
SSDEEP
384:VzZvyhMQz1WI8nqi6VEUwQSpwd8/nvxhuOXt9SmQ2Ury:VzBONz1WI8nqi6VEUwQSpwd8/nvxhuOL
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\41aa1be80027790a4800510338dbe835.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-