b8dc9debf1ff01d621efb123119aa021ddf40d18f1caafcbb55267fe2d5a3485

Analysis

max time kernel
142s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 12:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

job application CV.pdf
Size

105KB
MD5

9eeef9c0bd27a0517228836ee543bc61
SHA1

fa54cd94c1d767a724abab88e2c44af82d9e23aa
SHA256

b8dc9debf1ff01d621efb123119aa021ddf40d18f1caafcbb55267fe2d5a3485
SHA512

b5f59a23bc3b195293860efdf50d657fa2d1b193030a97dc1d9083777b9b3d7da0078a2b245a9ba8313bc4c49b401f67ba316f849027ef673ce60555c13f3ff7
SSDEEP

1536:kP7P+wfS9w5+NfP3GaIl0JrTyS+qZbxIKEY7pFOnAvQsRFGZ02pje1jHsZnQX7Mt:Ir+wfLqexlrS+oHQAvqfpi1j2nYIIdHs

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2560	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2560	AcroRd32.exe
2560	AcroRd32.exe
2560	AcroRd32.exe
2560	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 1412	2560	AcroRd32.exe	93
PID 2560 wrote to memory of 1412	2560	AcroRd32.exe	93
PID 2560 wrote to memory of 1412	2560	AcroRd32.exe	93
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 368	1412	RdrCEF.exe	94
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95
PID 1412 wrote to memory of 3528	1412	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\job application CV.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D57BDC38FE397CDE0AC93F6599062089 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7713B8C0CB783391A910C549D2B45705 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7713B8C0CB783391A910C549D2B45705 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B29FB09C0C9A21216F03055D1EAE53A3 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=37614878F1FE23C218B04422C1C0D8CE --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B383C6755257088083613CF5E6891764 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2864
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8FD01E11B178602BBD19BF3E4DFFD3C8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8FD01E11B178602BBD19BF3E4DFFD3C8 --renderer-client-id=7 --mojo-platform-channel-handle=1908 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5852620cb13d8e0d0df71e142139c363

SHA1
fd0c86a324be6a385f8351fcaaf7462a389491c3

SHA256
d9d41534a42ceebd4794cba11cfd31a110649567c03f931fc4d8ad6b507b4bc1

SHA512
2361f2c442c8267e278fe821941eec6169abf2157a334b092a9e7583c21dac5e3553af53b71820a9b5d3c67b0096208abba1febfb0458ee039f3f9111a91c524

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c268e32eee40ceb12e5c2b80022ec7ed

SHA1
013a9752d4b1e3f27bdd4622273dfbe1421030c2

SHA256
34a4bb8ab84c5eadbdd476b2be59e7b5ac93a540fbf09f77b86ad79e52b1db3f

SHA512
293940515c9cfd66c433e80684b4a315c450970d669765a56819db55b7fca4e99b337b9642f31773ef8b653d44543906691f6cd733f6fffaf9266b19e13cbeeb

Download Submit