28341073c3945162af5284f4d441bad123504603238d07b4a6ebb52129b6c929

Analysis

max time kernel
148s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd025466abaa1e0c1ee73311ad875a7f.pdf
Size

63KB
MD5

bd025466abaa1e0c1ee73311ad875a7f
SHA1

516458fabbf6bdf6883419f88693c48f536686d8
SHA256

28341073c3945162af5284f4d441bad123504603238d07b4a6ebb52129b6c929
SHA512

ffc80ca1525cd04daf49c12179e621f55b14d1b52d23990825ebb35ab568fc736b87999596a9a76b38c3a087d51be4d651b6ab7638cba2be3396711a1faf6d69
SSDEEP

1536:fVYohgvi6ymnsSJ+lxWSJo6jmtUTf69taekZm+RQyMJip:tVhci6yQ+zDjyUm9XYPRQyMy

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4840	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4840	AcroRd32.exe
4840	AcroRd32.exe
4840	AcroRd32.exe
4840	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 748	4840	AcroRd32.exe	90
PID 4840 wrote to memory of 748	4840	AcroRd32.exe	90
PID 4840 wrote to memory of 748	4840	AcroRd32.exe	90
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 1852	748	RdrCEF.exe	91
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92
PID 748 wrote to memory of 4372	748	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\bd025466abaa1e0c1ee73311ad875a7f.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9B6BEB12A489E751107C70ACA3575626 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=51541D6FCC28718D74D298A733006C1E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=51541D6FCC28718D74D298A733006C1E --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5421D5BC779C1BFC6E9C16F5FF4AAC81 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5421D5BC779C1BFC6E9C16F5FF4AAC81 --renderer-client-id=4 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=52E696CA633997FBA67EB08565846960 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05466A12A60896CE08F6B9D0B3E2F84A --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5068
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AB48EFB11D3135B407A126F85DBDC6DF --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
45a809dfcbb8cb9edeacb42a7731f87b

SHA1
65ebbcc60d7e53e3952a36dc904d18a953a36b58

SHA256
2b0f885cde3d4b912f7ec35908c4734a66b1009161dee1923b008f7d49f46a11

SHA512
bf79bd23417d38e6ccdfbfad9a4f715c064114da155e9012703af256e325de87de1e83121897fb743d480d9302a955199d362036e6493b66e399fa45569396f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
98ab734db7e815c34c19f9ac5fde1c9d

SHA1
bd5ef880dcfd415254fd662a37b3b54e0f779bad

SHA256
adb0390c390f94b2c83c9ab5052eca5eae849f6929d2bd05f4eb34c8f92659d6

SHA512
f32f67f9d04886d0ef9cbc463af90b8c54258239194bbe2e7016705dd7697007bc3f4d7f91d9a41c279fa13f7f1105f5cdf54f8c76ebeb0e63a0c23e6edcf71e

Download Submit
memory/4840-88-0x0000000007400000-0x0000000007421000-memory.dmp

Filesize
132KB

Download