e353035e03f1d5e74719a84a5ca7503dab1b6fc366dd997277ebc98edf2fdae1

Resubmissions

11/04/2024, 12:30

240411-ppntjsbe68 3

11/04/2024, 12:26

240411-pmmhpsef5v 3

Analysis

max time kernel
291s
max time network
275s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.1 PERSONAL/FUENTE PEREZ BRIAN LEONEL FRANCISCO/BRAIAN FUENTE.EPP.pdf
Size

496KB
MD5

c27912b31eb5d84ed58fecafc47e090a
SHA1

90fb2eed589e45831ea6ecb8235b80e82a134ef6
SHA256

2cfe00b234fa580a1d18611761538c9e90649a99e9d6abfb1261c174644f8d05
SHA512

16c7612a8b83686466f963e55765d01f773e74be85b6e7bb02bb38958bf4c11195fc16f9fe695471a750b1312563fe82d510445c21ae2549e5676271bf77b856
SSDEEP

12288:uG2q7EIlY/mz+OH774kCaltWJ406j/d5so7l:uGz7E8YnOXJjX7l

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1264	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1264	AcroRd32.exe
1264	AcroRd32.exe
1264	AcroRd32.exe
1264	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 3552	1264	AcroRd32.exe	86
PID 1264 wrote to memory of 3552	1264	AcroRd32.exe	86
PID 1264 wrote to memory of 3552	1264	AcroRd32.exe	86
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 1348	3552	RdrCEF.exe	87
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88
PID 3552 wrote to memory of 952	3552	RdrCEF.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2.1 PERSONAL\FUENTE PEREZ BRIAN LEONEL FRANCISCO\BRAIAN FUENTE.EPP.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3552
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C50E7A65E976EBBD4343A5A9B5C52443 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1348
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=496062CA5844DF821EE0CC812FD2D704 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=496062CA5844DF821EE0CC812FD2D704 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=321C60A2B14BDAC743057B4085F5E565 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4776
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3AA38E271D34660B26F2006582BC3B80 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3AA38E271D34660B26F2006582BC3B80 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D5D922B031791B74B7381D9C3182A60B --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3464
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=577213E31EEC7A9C10728F5B030A03FA --mojo-platform-channel-handle=2244 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8644269586c6a0194988c10beae2a54a

SHA1
f919a2c31dbf693570f627913881c56290609b70

SHA256
10f208521be6acd44c586b495b2dca4d5156201deac9e3fbc9e71c8f55f92b57

SHA512
dcb543f08de1def5e023de793cb047552e6f5db9e1cdea476425646f5fdf4ab5541187788311fe340ff81e4184ca225031e87af9c2bc52b4eed7fd91853019e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
24bc2632d110e6fb74ca6293a184d42e

SHA1
72125af50952661bf91383f575ec04a964884405

SHA256
66b76cd66bfd5db4614f60c92d42624a604cb9e84f7c9b34d47079ceafced0cf

SHA512
0ccbee357f5e12cb7da34b8362e7af0dada5cc3462b317bb5bd88a10bba0107b37d06efc309ea482c880b09195d533a33c8df4be6262fd495abacfc097bd616b

Download Submit