023b9df959ed6acef1505d27d933daa94a28b3dfc6556f0f1a8887a65f694b5f

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab1740f4b0f2f8d057e857cc8b911f40.pdf
Size

85KB
MD5

ab1740f4b0f2f8d057e857cc8b911f40
SHA1

747cb80f8ca17935f3f0cc4016a494796efbd428
SHA256

023b9df959ed6acef1505d27d933daa94a28b3dfc6556f0f1a8887a65f694b5f
SHA512

3f6db357eaca5294ad4c05f7824fdb73b4192f4a832afd60808925caedd751c75d4519db4f55192131253717941dc450fa8b7c9d8a404b1b2eb9be0100c9bbd1
SSDEEP

1536:iH8I2jT/BVha0k4ZFFoU0DEp5V6ZrJvW5FxjTzfMT+Xi4WOpOwruhqCN8:G8dLikFFoF45V6Z8xPzf/Xi1wrusR

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
32	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
32	AcroRd32.exe
32	AcroRd32.exe
32	AcroRd32.exe
32	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 1740	32	AcroRd32.exe	92
PID 32 wrote to memory of 1740	32	AcroRd32.exe	92
PID 32 wrote to memory of 1740	32	AcroRd32.exe	92
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 3440	1740	RdrCEF.exe	93
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94
PID 1740 wrote to memory of 4192	1740	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ab1740f4b0f2f8d057e857cc8b911f40.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:32
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=ED3B8C7925827E9A0963624CED0E8755 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=ED3B8C7925827E9A0963624CED0E8755 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3440
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BB299CE75BBEA2F2C23AFB769F8F0B00 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0255653CA84553EFED164B7A88CDF39 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3096
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AFDB9683BE9FF5D9AF84583B8CD19543 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AFDB9683BE9FF5D9AF84583B8CD19543 --renderer-client-id=5 --mojo-platform-channel-handle=1996 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=289079B0AD19D77E6040C872B3F6EF71 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C2446D6CF96496BC63B5B1F42A3435EB --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d03393c970c3359bd42fa71ee91ff876

SHA1
3a50c36e49cc9d5eef67000e2ec7cd99ee6ad4aa

SHA256
9139d1597b4be3567c22b99e5651f8b64451f7975dede7d560867826deea3ce4

SHA512
29b2c5729b076f99ebcf3f759360785ea290b56baed3ac70ff131861ee6de605360ae6d82df174b4dededf941508a85d0803be749a74b55281f86f928837e22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b3b71e6cae40443abd04b5e815044c1a

SHA1
aa8f06c34d2751b32c887051fa4cc77e2328a531

SHA256
5c192ff60a62092664ed23483a71249ddeaaab00fa690f6146bd5205ccfe3357

SHA512
82e3ad2253ff9dda0f58e8e67856ec33fc892b7735f1e335a1565b22db7f9448f8a5cef511f084dcc2f28d55d0b0e3a409654b35097b0f82aa473b69fe64ca08

Download Submit