ca107a58d99a35994a471958721dd64effd8aee01a88885c789211e292359cb1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SeroXen Documentation and TOS.pdf
Size

389KB
MD5

268a35fc151093712fd931438266733b
SHA1

0cfe4de8b721ae00275f171874e975143ba4e5c3
SHA256

f3329fc8e298719361d0799fd3aa160ccc860fad1cdbf2d5b920370561079d24
SHA512

60f12acab903f4213b2e6f96e0e4ef4d19b4378d0cd18e86b736e1ef4daecbf18f926d298a60e156fce06d4af4121636133cc87d61ce7aed815e66240ed2cc03
SSDEEP

6144:gHN9PzWipJ6LIgy6WW9OyfnFTGndbcF7pVEtiOTwl/BdGqgZzu6cXmnV:saqcLIgySDYdbcJ/Etol2zu6dV

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1404	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1404	AcroRd32.exe
1404	AcroRd32.exe
1404	AcroRd32.exe
1404	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 900	1404	AcroRd32.exe	86
PID 1404 wrote to memory of 900	1404	AcroRd32.exe	86
PID 1404 wrote to memory of 900	1404	AcroRd32.exe	86
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 3928	900	RdrCEF.exe	87
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88
PID 900 wrote to memory of 4692	900	RdrCEF.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SeroXen Documentation and TOS.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:900
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B8A3F9A7D43FB7AD13CA66A952324D60 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3928
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A40F48DA5A9D0DCE993D96A55933688A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A40F48DA5A9D0DCE993D96A55933688A --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=76C3A7BA7651632C25C54C35BD65794D --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3528
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=71EE2249B34AA681DD50C33B6BFB49A4 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1408
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6B87B190BF80CDCE70F78A63A630837B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6B87B190BF80CDCE70F78A63A630837B --renderer-client-id=6 --mojo-platform-channel-handle=2412 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3740
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE6984F623152D7E6095404DFB8662C1 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
33603b7fb1b9155c89e43d7590cc4132

SHA1
e8d7a11c976f88d6ed4dded8027954c75e2762a0

SHA256
72fb3dd707404e6b08aa341ccc7e0455bde984f80cf3ccdf81abc573a8da43c2

SHA512
2b2f0f8d0bc54bd756d506a63f832e47e778acebc95159c20500b35c9a0f3bcffc57940a75d7dd0ea77dc5c810f2d57f5e4988187e7105662ce2e5a3804dcfb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7c24e98b82135882a548dc725ca723e4

SHA1
5304d58646f6f75a03ef324b6acaf0852c1f8718

SHA256
ad79a152624d9f50220ae0810677e64b71b8b7e708a7b3da6c1f6bb699b87fae

SHA512
92206eddb7cf7455cb5dc293865a9ba71948ad6cb471324898c00c3a4637835fcccc084450e9d92cd680c8a650e0a918ed26be0a6f5e7230c61c5cf334b17ffd

Download Submit