7b032540d1f2d178cf0c65713f4998c4effe5d54af8d6eb336b82ebe9f76830a

Analysis

max time kernel
140s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Matematica 1/UNIDAD 2/Vasquez-Cristofer-Analogía y Clasificación_Unidad2_Práctica 3.pdf
Size

317KB
MD5

d2858a81063150e5bfd1b14df1e290b4
SHA1

34e52f6da26cf1260661f09ebc1ab5746fb172b3
SHA256

d79c550a5e4a2df1f6f2f60754e78c3162063c14ea17f625ca9e328c89bf448a
SHA512

833674092dba78cf121934ae0e17c66d97503108a57771ed31b496aa2fdbc55e4ef55093da6ac8a88aabc9b589c539d6a9a21046989a4d05c350ea24da1cc3a2
SSDEEP

6144:7mhjiDGF+WwKbDyjntouFjMe1x/8zAoSh+74HT6spXByiHKYb4p9R:7u+DGYCDyvz1xEzAR+7GFJZfb69R

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1724	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1724	AcroRd32.exe
1724	AcroRd32.exe
1724	AcroRd32.exe
1724	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1736	1724	AcroRd32.exe	90
PID 1724 wrote to memory of 1736	1724	AcroRd32.exe	90
PID 1724 wrote to memory of 1736	1724	AcroRd32.exe	90
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 1564	1736	RdrCEF.exe	94
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95
PID 1736 wrote to memory of 4800	1736	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Matematica 1\UNIDAD 2\Vasquez-Cristofer-Analogía y Clasificación_Unidad2_Práctica 3.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7576FF91C7FEE9DB93A1B8171873931D --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1564
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6033780AA39FF9CB23DC370F16FECCBB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6033780AA39FF9CB23DC370F16FECCBB --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B9DCFB9AED6546C5493E369F36B77464 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B9DCFB9AED6546C5493E369F36B77464 --renderer-client-id=4 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E12B6DDBE7B9025192559F2F7D518CAA --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=60F3DD0537B42C76D89660E1FC3B1AA0 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:964
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=28DBEC671AA5A03241CDC62976D123F7 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8efbfbbba6aa7a9c6a868d3fd232a16f

SHA1
53bc7d1d7ea528481f0901cac32bddc0c9080f8c

SHA256
a081dca55a90644a02c95c61d6aed55ec4bebb191e6303175ad967d32570c553

SHA512
fd86444f64c87dcc7a37651c21a33496772588f7d0a9dd3af0d8a7dfb15976ab7cc54104df20699a72d6c99259abf99712386779f5152ea23551980b67007a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
555ee1b0b221eb12440b22aaed271808

SHA1
01ed06b5b02862420fb06a70d2c5414720ae4e60

SHA256
6fa16c93559415d17e4d5b45bbc74425faef0d34a0511409b8d89d1821e5704a

SHA512
646302d0ee4dd2e0e572c20095810e9de61295de8441602ca966a22021512ee89bfa850fa752b841771bcd0e36af666b4118a2167c528cc8ad8df59fdeb57c35

Download Submit