Analysis

  • max time kernel
    48s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-02-2024 20:47

General

  • Target

    ACFrOgA_MEIH1PFAhw6h0-KUrRuvCrBIMRsTxF5OzEK_ruIi3ccyoRlt3Rt8ApiSDryTJve3-6y0IUIp1WqxP1T9uyz0OvZxGehT.pdf

  • Size

    93KB

  • MD5

    db86f7dbc8f8e480027b972c010c7f1a

  • SHA1

    defe37e75c1463ef4acda633163bd07d3b05856e

  • SHA256

    42896c302d2064e8e8ee73171b002879428cf88747c15602452f9fd5d1b0b58b

  • SHA512

    c40b6dc0791e249cdd2f2718baf27a20d907024d67131cd20daa8cedf4bad1da9e883562952bf4ab39afc3c4d05c478954ae1f07208591fe58cc42b33e20f759

  • SSDEEP

    1536:2Ofi0Tv8XdIUoh9xNJVS5bqZ6y9z9qa7O2VQTb/Z7Rj:ykCoxNJgqYs0aq2VGVj

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ACFrOgA_MEIH1PFAhw6h0-KUrRuvCrBIMRsTxF5OzEK_ruIi3ccyoRlt3Rt8ApiSDryTJve3-6y0IUIp1WqxP1T9uyz0OvZxGehT.pdf"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2496
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      PID:2672
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778
      2⤵
      PID:2604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:2
      2⤵
      PID:2872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:8
      2⤵
      PID:2916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:8
      2⤵
      PID:2892
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:1
      2⤵
      PID:2244
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:1
      2⤵
      PID:796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2860 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:2
      2⤵
      PID:1620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3364 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:1
      2⤵
      PID:2192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:8
      2⤵
      PID:2112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3964 --field-trial-handle=1348,i,13730556084913837149,14871715805328699801,131072 /prefetch:1
      2⤵
      PID:1912
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:1636
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    PID:1556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778
      2⤵
      PID:1044
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    PID:1496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6489758,0x7fef6489768,0x7fef6489778
      2⤵
      PID:860
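In this listing parentage is given by the depth markers (1⤵ = top-level process, 2⤵ = child of the most recent depth-1 entry), not by whatever indentation the page extraction kept. The example below is added here and is not the sandbox's own code: it rebuilds the tree from those markers on a constructed, abbreviated copy of the listing (the report's PIDs, image paths, signature names and depth markers; the PDF name shortened to sample.pdf, Chrome command lines cut to a few switches, most Chrome helper processes and two of the Chrome roots left out) and answers the triage question this report raises. AcroRd32.exe (PID 2496) spawned exactly one process, splwow64.exe 12288, while every chrome.exe and elevation_service.exe entry is a separate top-level process, so the process tree alone does not attribute Chrome's activity or its "suspicious" signatures to the PDF. The parser assumes the entry layout the page shows: an image-path bullet, the command line, the depth marker, zero or more signature bullets, then the PID line.

```python
"""Rebuild the sandbox process tree from the listing's depth markers ("N⤵")
and ask the triage question: what did the sample's own process spawn?"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: an abbreviated copy of the page's listing. PIDs, image
# paths, depth markers and signature names are the report's; the PDF name is
# shortened to sample.pdf, Chrome command lines are cut to a few switches and
# most Chrome helper processes and the other Chrome roots are omitted.
REPORT = r"""
• C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\sample.pdf"
  1⤵
  • Suspicious use of SetWindowsHookEx
  • Suspicious use of WriteProcessMemory
  PID:2496
  • C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    2⤵
    PID:2672
• C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  1⤵
  • Enumerates system info in registry
  • Suspicious use of AdjustPrivilegeToken
  PID:2612
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --url=https://clients2.google.com/cr/report
    2⤵
    PID:2604
"""


@dataclass
class Process:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    signatures: List[str] = field(default_factory=list)
    children: List["Process"] = field(default_factory=list)


_IMAGE = re.compile(r"^•\s+([A-Za-z]:\\.+)$")  # a bullet whose text is a Windows image path
_DEPTH = re.compile(r"^(\d+)⤵$")
_PID = re.compile(r"^PID:(\d+)$")


def parse_process_tree(text: str) -> List[Process]:
    """Return the depth-1 processes; deeper ones hang off .children.

    Assumed entry layout (what the page shows): image bullet, command line,
    depth marker, zero or more signature bullets, then the PID line, which
    closes the entry. Depth d attaches to the latest depth d-1 entry."""
    roots: List[Process] = []
    stack: List[Process] = []  # stack[d-1] is the most recent entry at depth d
    cur: Optional[Process] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := _IMAGE.match(line)):
            cur = Process(image=m.group(1))
        elif cur is None:
            continue  # text outside any entry
        elif (m := _DEPTH.match(line)):
            cur.depth = int(m.group(1))
        elif (m := _PID.match(line)):
            cur.pid = int(m.group(1))
            del stack[max(cur.depth - 1, 0):]
            if cur.depth <= 1 or not stack:
                roots.append(cur)  # top level (or an orphan with no parent to attach to)
            else:
                stack[-1].children.append(cur)
            stack.append(cur)
            cur = None
        elif line.startswith("•"):
            cur.signatures.append(line.lstrip("• ").strip())
        elif not cur.cmdline:
            cur.cmdline = line
    return roots


def find(roots: List[Process], pid: int) -> Optional[Process]:
    """Locate a process anywhere in the tree by PID."""
    todo = list(roots)
    while todo:
        p = todo.pop()
        if p.pid == pid:
            return p
        todo.extend(p.children)
    return None


def descendants(roots: List[Process], pid: int) -> List[Process]:
    """Everything below `pid`, depth-first: the activity that process is answerable for."""
    start = find(roots, pid)
    out: List[Process] = []
    todo = list(reversed(start.children)) if start else []
    while todo:
        p = todo.pop()
        out.append(p)
        todo.extend(reversed(p.children))
    return out
```

Run `descendants(parse_process_tree(REPORT), 2496)` to get the sample's subtree; on the full listing the same call still returns only splwow64.exe, and the root-level Chrome entries stay outside it.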

Network

MITRE ATT&CK Enterprise v15

Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                    Filesize

                                    40B

                                    MD5

                                    c6969b129900fb90d31dab364862d870

                                    SHA1

                                    456ceafc86e70382b2070382ef2e42263cbbd927

                                    SHA256

                                    0871a5dcfaa91de843fe3ba6daa4b926de5f84d9072219846df043221439d2d8

                                    SHA512

                                    8ebf456bf06ccf59ea3cb6e508429a7b34e522009a04876288c83985a0046c738fa23786ff6e506d7a8b82ed8a4b61cd741ffd635f793cf4761d789aef57359f

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

                                    Filesize

                                    194KB

                                    MD5

                                    36104d04a9994182ba78be74c7ac3b0e

                                    SHA1

                                    0c049d44cd22468abb1d0711ec844e68297a7b3d

                                    SHA256

                                    ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

                                    SHA512

                                    8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    168B

                                    MD5

                                    17ea385550f942281ec03bc67ee590a8

                                    SHA1

                                    e5d217f7970dfe1a683c13b33712b27123ab4182

                                    SHA256

                                    3fb6ff8010cc33c678e2fe88d118283b6661aafe33e1ef516043b563d8374492

                                    SHA512

                                    1806ce9cb5cbd0e18c77ab4e6187959d98999f614182d5ee5696f3a5beb8f506720538cf732c3482b3ec071b23de188f26e0f570a022bae75fedf3f75edcfdf4

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                    Filesize

                                    168B

                                    MD5

                                    3307e97004d5ac0a45e47ad07a14c3a8

                                    SHA1

                                    0a600555f960ec5bf1c1ba20950ec139b2059eed

                                    SHA256

                                    5401bdb146ccdc5c82eb1ec0d8d87f1ed29143f961fb51718549ae2487458a2c

                                    SHA512

                                    caca40b5194eba292eb58c2626850f5241ae364f85d4877094daf464791a17ebe9c0747b3f90303e1f685d8537636afcfdfeb518a6698c6b4e6f032acb0595e2

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                    Filesize

                                    264KB

                                    MD5

                                    f50f89a0a91564d0b8a211f8921aa7de

                                    SHA1

                                    112403a17dd69d5b9018b8cede023cb3b54eab7d

                                    SHA256

                                    b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                    SHA512

                                    bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    363B

                                    MD5

                                    44cc10ee6818dba26b9e7224d4a23894

                                    SHA1

                                    b0da56568ef850c8e66980e5e9000a658a330533

                                    SHA256

                                    9d84617125068d14f0ec1804298deaeb6e274cd1d384a6efc1dc56396f82fa85

                                    SHA512

                                    db28d834665e880c78d67539fe6f4245a2ccab9788937f983b4c1707045e5e5cc32e4b7d0746d4427a136b41a52a25064a0b0c3f6f1c5fdb6bd65665aa4b701b

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                    Filesize

                                    363B

                                    MD5

                                    011253a05149681f654bb97c93d7e40b

                                    SHA1

                                    7fd853d18bb77ca487bd2f558cf3a2e803c498e3

                                    SHA256

                                    7eca3d9afc0206f19d98364ecffae93f77af76fe4036eeace62caab919689b62

                                    SHA512

                                    5bd2dfe27ad2eae25c23faa3aea80bc60bdabab251fada572966a56f88bfdfbe6f4c66f4eaf1e8775efb847d45e4a7e6d9f6bf6d97c360c0ccd01515e231fc85

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    5db226a53d912d3006435b2d64d790ce

                                    SHA1

                                    208e0ee30c875a19fe5671d66a49452b7ffd364f

                                    SHA256

                                    a044de5e44dd8ceeeb01414a857a729104ffa674d6d8183a57ae0c90d5db6391

                                    SHA512

                                    90e412f77329ce6902de0c3b2250da1ec3165eaa1934f3a96873c80793811b627a109fef8ee326aad8a38f7d4cf902736e03efcc5f346e2ab08aca14ce052412

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    7f3f8b5c160787c3680f3c4857bd66d8

                                    SHA1

                                    ae901ab9af85a5ae2ab399112b8aabeabefaa564

                                    SHA256

                                    729f470491a481313bbf52a2bfeaac7d575a3039743b36523c9a1578bbb86675

                                    SHA512

                                    ff31c06e28659e0822799169ef1f91f6f4ccef0cb5bae60fee42e2040999927b9784712a25e50b0ad01d77bf149e62418ac24cb39c99a5a683b9fbeb3b7bb193

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    5KB

                                    MD5

                                    2d57a78bb9120243fba66ad3b1febcd3

                                    SHA1

                                    72941d3b3e6ac3fb2dead5ba66fd9f9aaa07f4b0

                                    SHA256

                                    8e8392f2cfb66992edcd7200d2c9a30b6ba14924ab3427c7f882f662baa20d08

                                    SHA512

                                    ca845339b25eb22fa1255e7e02d117572c866c9deb3acbc68aa222196487d91afe54290086f6a07a8481b65773ca6fb3b0ae63a74aef6d7d63544fa8c3d26f3f

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                    Filesize

                                    4KB

                                    MD5

                                    2d093f58c0ecbff30f3c1b55c8a1704b

                                    SHA1

                                    7721505a046e1a8cff29fd1d5d91cd33d4a2e0c3

                                    SHA256

                                    7d0c90d5e57200a143ec6d1d2593c5821c244574ae891f2cd62140ed08848ae9

                                    SHA512

                                    28d973945c68fc65eedfa3a7d89490dcd1d08b911cc54ae2a741aad6dca2f9f95e567f347f4eb4ca44ce84e3bcf5f895328554b46d81b3ecb27ebf537b0ce32d

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                    Filesize

                                    16B

                                    MD5

                                    18e723571b00fb1694a3bad6c78e4054

                                    SHA1

                                    afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                    SHA256

                                    8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                    SHA512

                                    43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    234KB

                                    MD5

                                    1c104332dbee65a1b17edc10f0f802f0

                                    SHA1

                                    8b9263e14344c52f0808361073e7eb2148a4f5d1

                                    SHA256

                                    93a59f66705365dc3417326cfcdc606b803c8d79a488e305d9d570c2f4d4627d

                                    SHA512

                                    bbdbf3329463870053dca80dafe181414fc772b87fcc3c5e7aa1d87ce4733ef3ada3ae2f30ebd414df1e36a36cd147b5317e0f2ded075f6581e77cc6c4c27217

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                    Filesize

                                    234KB

                                    MD5

                                    93f92f92131fd48855511eef3a71c0f8

                                    SHA1

                                    efaceac5a48c4e7f15690939f5e7899008ef2ed1

                                    SHA256

                                    d10e4fe84d20875fd6471ecb2159c64b0ed2a23823d9bd5da48c4826fa209a83

                                    SHA512

                                    946fe10fa9e85aab2fd5f7e354395c28474dee44e38a444e2e3750ad4a3eb07839c82cc74df5ed1d68a9807c058aee7a6e6b1e8b700742dbd2c8a5403b2cfe80

                                  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

                                    Filesize

                                    3KB

                                    MD5

                                    e4252c28bc46f37142ea907b165b0d97

                                    SHA1

                                    c80433ea693911becd34ed7f54cea7c6c7fcea91

                                    SHA256

                                    b0ac7dc10a8f02e12bd1fe8030045df048ded58082a664d8ac22dcac488dbd44

                                    SHA512

                                    ed061add707f4f57124c4ac9bc0ae608703376aded7626a43b3bca3fe3ffc1860780d78c01751f2df05671d8344c46ef589320b1d7e131ab995cd20db50508d1

                                  • \??\pipe\crashpad_2612_VMRZBUEEWRFAVTPJ

                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
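A triage pass over the Downloads list above, added here as an example and not part of the report. Three things an analyst checks by eye are automated: the crashpad named pipe's MD5, SHA1, SHA256 and SHA512 are exactly the digests of zero-length input, so nothing was captured for it; the same path listed several times with different digests (Preferences four times, Local State and TransportSecurity twice) is one file rewritten during the run rather than several distinct drops; and the only non-empty artefact outside Chrome's profile directory is Reader's own SharedDataEvents. A format check on each digest (lowercase hex of the length its algorithm produces) catches copy errors before the values go into a blocklist. ENTRIES is a constructed subset of the page's list with MD5 and SHA256 copied from the report (SHA1 and SHA512 left out for brevity); CHROME_PROFILE is the profile path as it appears in the report.

```python
"""Triage the report's Downloads list: recognise entries with no captured
content, group successive versions of one path, separate files outside the
browser profile, and sanity-check digest formats."""
import hashlib
import re
from collections import defaultdict
from typing import Dict, List

ALGS = ("md5", "sha1", "sha256", "sha512")
# Digests of zero-length input, computed rather than hard-coded. An entry whose
# digests are exactly these had nothing captured (here: a named pipe).
EMPTY_DIGEST = {alg: hashlib.new(alg, b"").hexdigest() for alg in ALGS}
HEX_LEN = {alg: hashlib.new(alg).digest_size * 2 for alg in ALGS}
_HEX = re.compile(r"^[0-9a-f]+$")

# Chrome's profile directory as it appears in the report's paths.
CHROME_PROFILE = r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data"

# Constructed sample: five of the page's entries, MD5 and SHA256 copied from
# the report (SHA1/SHA512 left out to keep the table short).
ENTRIES: List[Dict[str, str]] = [
    {"path": CHROME_PROFILE + r"\Default\Preferences", "size": "5KB",
     "md5": "5db226a53d912d3006435b2d64d790ce",
     "sha256": "a044de5e44dd8ceeeb01414a857a729104ffa674d6d8183a57ae0c90d5db6391"},
    {"path": CHROME_PROFILE + r"\Default\Preferences", "size": "5KB",
     "md5": "7f3f8b5c160787c3680f3c4857bd66d8",
     "sha256": "729f470491a481313bbf52a2bfeaac7d575a3039743b36523c9a1578bbb86675"},
    {"path": CHROME_PROFILE + r"\Local State", "size": "234KB",
     "md5": "1c104332dbee65a1b17edc10f0f802f0",
     "sha256": "93a59f66705365dc3417326cfcdc606b803c8d79a488e305d9d570c2f4d4627d"},
    {"path": r"C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents", "size": "3KB",
     "md5": "e4252c28bc46f37142ea907b165b0d97",
     "sha256": "b0ac7dc10a8f02e12bd1fe8030045df048ded58082a664d8ac22dcac488dbd44"},
    {"path": r"\??\pipe\crashpad_2612_VMRZBUEEWRFAVTPJ", "size": "",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]


def malformed_digests(entry: Dict[str, str]) -> List[str]:
    """Algorithms whose value is not lowercase hex of the expected length."""
    return [alg for alg in ALGS if alg in entry
            and (len(entry[alg]) != HEX_LEN[alg] or not _HEX.match(entry[alg]))]


def is_empty_content(entry: Dict[str, str]) -> bool:
    """True when every digest present is the digest of b''."""
    present = [alg for alg in ALGS if alg in entry]
    return bool(present) and all(entry[alg] == EMPTY_DIGEST[alg] for alg in present)


def triage(entries: List[Dict[str, str]]) -> Dict[str, object]:
    """Summarise a Downloads list the way an analyst reads it."""
    by_path: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for e in entries:
        by_path[e["path"]].append(e)
    return {
        # nothing captured: the digests are those of zero bytes
        "empty": [e["path"] for e in entries if is_empty_content(e)],
        # same path, several distinct contents: rewritten during the run
        "rewritten": {p: len({e.get("sha256") for e in v})
                      for p, v in by_path.items() if len(v) > 1},
        # non-empty artefacts that are not Chrome's own profile files
        "outside_chrome_profile": sorted({e["path"] for e in entries
                                          if not e["path"].startswith(CHROME_PROFILE)
                                          and not is_empty_content(e)}),
        # digests that would not survive a copy into a blocklist
        "malformed": {e["path"]: malformed_digests(e) for e in entries if malformed_digests(e)},
    }
```

Calling `triage(ENTRIES)` on the subset gives one empty entry (the pipe), one rewritten path (Preferences, two versions in the subset), one file outside the profile (SharedDataEvents) and no malformed digests; feeding it the full list from the page adds Local State and TransportSecurity to the rewritten set.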