a96a56f14d0ec4eec0543792633eb4f5a4ff0358aba47668126ddd47b9608715

Analysis

max time kernel
1s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 10:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b35b9520973cf3fef4983db98d78271.pdf
Size

15KB
MD5

4b35b9520973cf3fef4983db98d78271
SHA1

b4d57ee9676c2c5c592cd3359d4d0b1ddc02b6f1
SHA256

a96a56f14d0ec4eec0543792633eb4f5a4ff0358aba47668126ddd47b9608715
SHA512

c1e7f9e7db1ace1de866ffbe065bf5cf250289412b71f53e0e30092680e40e75909995324ac7684e6f8486a474ae81ddbba4457755f40157f5b604fdcb7a78f5
SSDEEP

384:riWCLbVViusrZLBWYk77vM+HKiXn3neZDhpKU:rvV91dWYk77hZuDhf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4100	AcroRd32.exe
4100	AcroRd32.exe
4100	AcroRd32.exe
4100	AcroRd32.exe
4100	AcroRd32.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\4b35b9520973cf3fef4983db98d78271.pdf"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4100
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2484
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=74C4A5EEBE7A1311FADB1CB5EC6FAC63 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=465E884B58DE2CE8F91C43F2B70080A8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=465E884B58DE2CE8F91C43F2B70080A8 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=849A94870A90F41FB2B40D3D8068B0E1 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4092
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=011138896A7B6614A31937E8F4E05A00 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29047FD69953F87A7B58F03A3EFCBCFD --mojo-platform-channel-handle=2376 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

Network

DNS

83.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

83.177.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

206.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.178.17.96.in-addr.arpa

IN PTR

Response

206.178.17.96.in-addr.arpa

IN PTR

a96-17-178-206deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

195.233.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.233.44.23.in-addr.arpa

IN PTR

Response

195.233.44.23.in-addr.arpa

IN PTR

a23-44-233-195deploystaticakamaitechnologiescom
DNS

195.233.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.233.44.23.in-addr.arpa

IN PTR
DNS

133.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.71.91.104.in-addr.arpa

IN PTR

Response

133.71.91.104.in-addr.arpa

IN PTR

a104-91-71-133deploystaticakamaitechnologiescom
DNS

133.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.71.91.104.in-addr.arpa

IN PTR
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

140.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.71.91.104.in-addr.arpa

IN PTR

Response

140.71.91.104.in-addr.arpa

IN PTR

a104-91-71-140deploystaticakamaitechnologiescom
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR

Response

173.178.17.96.in-addr.arpa

IN PTR

a96-17-178-173deploystaticakamaitechnologiescom
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR
DNS

173.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.178.17.96.in-addr.arpa

IN PTR
DNS

Remote address:

93.184.221.240:80

Response

HTTP/1.1 206 Partial Content

Content-Type: multipart/byteranges; boundary=3d6b6a416f9b5
Accept-Ranges: bytes
Age: 8525657
Cache-Control: public, max-age=17280000
Content-Disposition: attachment; filename=Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe.Msix
Date: Mon, 08 Jan 2024 10:39:04 GMT
Etag: "zz/eo+4uyTK7KXfTFIC318u927g="
Last-Modified: Wed, 15 Mar 2023 18:19:22 GMT
MS-CorrelationId: 6374aa3d-dfbb-46aa-a4cf-892c1f98468d
MS-CV: 30diLZD500+NwVsF.1.0.2.1.1.0.0.19.2.18.160.1.1.0
MS-RequestId: 548d8be8-2a7d-41a1-9b64-dc5b26acf965
Server: ECAcc (lhc/7949)
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 5.2
X-Azure-Ref-OriginShield: Ref A: 41878F9BE6014031919195A586C2F00E Ref B: AMS231021311033 Ref C: 2023-09-21T06:29:01Z
X-Cache: HIT
X-CCC: GB
X-CID: 11
X-MSEdge-Ref: Ref A: 07DA1A7212804417BAC4CFA1B06E5B3F Ref B: LTSEDGE2120 Ref C: 2023-10-01T18:24:47Z
X-Powered-By: ASP.NET
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Content-Length: 82336
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

Response

134.71.91.104.in-addr.arpa

IN PTR

a104-91-71-134deploystaticakamaitechnologiescom
DNS

134.71.91.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

134.71.91.104.in-addr.arpa

IN PTR

93.184.221.240:80

http

2.8kB
85.9kB
56
64

HTTP Response

206

8.8.8.8:53

83.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

83.177.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

206.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

206.178.17.96.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

195.233.44.23.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

195.233.44.23.in-addr.arpa

DNS Request

195.233.44.23.in-addr.arpa
8.8.8.8:53

133.71.91.104.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

133.71.91.104.in-addr.arpa

DNS Request

133.71.91.104.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

140.71.91.104.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

140.71.91.104.in-addr.arpa
8.8.8.8:53

173.178.17.96.in-addr.arpa

dns

216 B
137 B
3
1

DNS Request

173.178.17.96.in-addr.arpa

DNS Request

173.178.17.96.in-addr.arpa

DNS Request

173.178.17.96.in-addr.arpa
8.8.8.8:53

134.71.91.104.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

134.71.91.104.in-addr.arpa

DNS Request

134.71.91.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
51KB

MD5
8ee8a83ead3f6cfaacf4c679d7be7928

SHA1
25ffcf516ba3b7944321376523eed944c1cff9bb

SHA256
0a6bd4d29b9acb279377800a6c76d4ea95f67c1c6a00295cddd58b67ecb2ab23

SHA512
2a23b507bd97fa1fb84c9f0d223492b9633718c325902e9aafabc9a864ee3c0f2096d69f8a870d3a26535de70c4f4d97f59a6af7d7450ac0c51c316da76e40ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
c26ed30e7d5ab440480838636efc41db

SHA1
c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

SHA256
6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

SHA512
96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
7KB

MD5
6a5e55abd444a83a15f28677c0af710b

SHA1
a9e604480fc33298acd57c08b302180917e2ad76

SHA256
1a4fd82aeaea5c686781fa5646a4b98b507a81a090ddc2f0178b8df40df4caa5

SHA512
78ccbe541f0bb0a9d4a06cf22664220d1c7c9e880f4dad4dd07e127ad25da37675a31ad6508468f2e18b2dc280199430070dfb68eacf47f60aa11d3467bd5310

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.