034127a83e6b437a5a3bf53216e2da00c96e6d4efcee71c80fde50d2e37ef8e5

Analysis

max time kernel
145s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 06:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

addcf565caaab4af1445903e8f5429ff.pdf
Size

87KB
MD5

addcf565caaab4af1445903e8f5429ff
SHA1

6f2e72cc3872fad2be957ba1822c2037334dc8f7
SHA256

034127a83e6b437a5a3bf53216e2da00c96e6d4efcee71c80fde50d2e37ef8e5
SHA512

38db85351d637116af213c78863e60db4a9e5eee3ea4191c2421bea67df259135bdaf4cabdb068761d272b590cfbc4ed832a8a22f45f2b320631f60ee6003bc9
SSDEEP

1536:p+pfpCYdbyK8Ol+VuSd9wIfTmei1DY6fjKLPF6UjWl+J//WOpOaZxlHnYlpK6:+V9ybhd9w8aei1DXOP7r/QaZxlHoZ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3808	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3808	AcroRd32.exe
3808	AcroRd32.exe
3808	AcroRd32.exe
3808	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 416	3808	AcroRd32.exe	91
PID 3808 wrote to memory of 416	3808	AcroRd32.exe	91
PID 3808 wrote to memory of 416	3808	AcroRd32.exe	91
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 996	416	RdrCEF.exe	92
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93
PID 416 wrote to memory of 4244	416	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\addcf565caaab4af1445903e8f5429ff.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:416
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09D483D0EE0C871EC1B1CFB4ABAA9C19 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:996
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=06DE31011740EE0EB2B17FEA06184BDC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=06DE31011740EE0EB2B17FEA06184BDC --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1230D311371C5B8C4AE4F6F59B2BFAB4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FF78DD954203DAA31E0623E0E117D0B2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FF78DD954203DAA31E0623E0E117D0B2 --renderer-client-id=5 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3236
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=420059E40976F8B50E8572E26F472120 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0AC2B0498EABC9555AF98E115321133D --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
527c1cf70c54a2e86bac5d104cdb418b

SHA1
e73690c67d8b9ee79267bd7c8f52b16a49a40cb9

SHA256
cf59a611011542a8368b3840d47f4e56982613b4904d399c134bb4c35c3b2193

SHA512
3df70e12d0c390d6e63c029ebdf28bb56d8afb1ea30725badf50354306c6c46c8e1fa265858f9ea27fec2ccdbee0b8d58cdfb34e4b6547eab3244e0839707193

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c534273d2c00095d5a30893743cf560c

SHA1
795eb2e5f7049f89f020749ab994d7bc91c75456

SHA256
9bf661d96babad15d56562e7758b557b42cb4d5a65c2205f7519e99363f4459c

SHA512
3356d31b3ca81d19d038bc4c4d26a0b2c57a05ef5ec269ebe6aff2248957f4470cf46be51ab9cd760d753764b5f48a98068e574ceae819c439cb09253d60154b

Download Submit