Analysis
-
max time kernel
91s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
24-01-2024 16:58
Behavioral task
behavioral1
Sample
9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf
Resource
win10v2004-20231215-en
General
-
Target
9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf
-
Size
50KB
-
MD5
51a5658730f585307207a4d36711ca1c
-
SHA1
dc17e85ca3d302f33de40dd3313ff63722d1c216
-
SHA256
9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a
-
SHA512
ea01d80d95f9da39bb95b7a8f2fd4a46af9ec746cab5e1fa9a23647e94cc7b4e7c3767f8e3c80fa5336935133b57361779f81f35681da436bcf9adbf85b055a3
-
SSDEEP
192:c0gTICXfyVWVZ5GWa2pxTZmE3tu8qv6oFZ8K:3YsWNGWJpxPu8qvdL
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 3164 AcroRd32.exe 3164 AcroRd32.exe 3164 AcroRd32.exe 3164 AcroRd32.exe 3164 AcroRd32.exe 3164 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9ac3bb7cf71d366dbbbe231822f3785034009b94e742dadb80ef33984bf2e07a.pdf"1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:3164