Analysis
-
max time kernel
92s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
05-02-2024 16:09
Behavioral task
behavioral1
Sample
043c33bc149c689f74cfa6c6519b3b5b5bf649c339e38649fbb36609aa09c92b.pdf
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
043c33bc149c689f74cfa6c6519b3b5b5bf649c339e38649fbb36609aa09c92b.pdf
Resource
win10v2004-20231215-en
General
-
Target
043c33bc149c689f74cfa6c6519b3b5b5bf649c339e38649fbb36609aa09c92b.pdf
-
Size
52KB
-
MD5
7e47ee13c88e4e95d53ddc893f671bbe
-
SHA1
322e3c649d305166242ee8981a23b1f6cd7fda86
-
SHA256
043c33bc149c689f74cfa6c6519b3b5b5bf649c339e38649fbb36609aa09c92b
-
SHA512
212e3b2d98497ecbb556faadd60e796f182066d7d26fa40d6a4dfe090d726a211d91da97d584e839771bd12bc96e27a2a47925f0dce2148fa0f6d273dab3db05
-
SSDEEP
384:Uo/5555555558F67cdOr9wavSN/Bi36livBs03C:Uo/555555555+KhGwe03C
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 4148 AcroRd32.exe 4148 AcroRd32.exe 4148 AcroRd32.exe 4148 AcroRd32.exe 4148 AcroRd32.exe 4148 AcroRd32.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\043c33bc149c689f74cfa6c6519b3b5b5bf649c339e38649fbb36609aa09c92b.pdf"1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4148