df5a4b00c7f38517f51f370b51f99e6eca0fb8eea4114536dd73ca9f04418a94

Analysis

max time kernel
93s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 07:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7c8faf1f6405662f640b0b925d0d76e0_NeikiAnalytics.pdf
Size

340KB
MD5

7c8faf1f6405662f640b0b925d0d76e0
SHA1

e0200484e80476db47f0173825e69c68f2d42de7
SHA256

df5a4b00c7f38517f51f370b51f99e6eca0fb8eea4114536dd73ca9f04418a94
SHA512

a917d1edfce9ed6caca261d1f2d53b82fe16f633ebc0b5eda763d2db4fbbbbe221e56e7eb6aa891552de7904ba7d0d063229382c7a25c26d212402755b3bb369
SSDEEP

6144:4PjhZ/P+sHsXMJs+BZYQlxZ1T5YAiwRQi4kLa8mOqz9p+i:kjhZ/PReI7h31VYT7ixqOqz9si

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1168	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1168	AcroRd32.exe
1168	AcroRd32.exe
1168	AcroRd32.exe
1168	AcroRd32.exe
1168	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1168 wrote to memory of 216	1168	AcroRd32.exe	88
PID 1168 wrote to memory of 216	1168	AcroRd32.exe	88
PID 1168 wrote to memory of 216	1168	AcroRd32.exe	88
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 4704	216	RdrCEF.exe	89
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90
PID 216 wrote to memory of 3764	216	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7c8faf1f6405662f640b0b925d0d76e0_NeikiAnalytics.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1168
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C348E35512D19D69C9D65F9E7F06B01B --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4704
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E511757ECAEDBDF9AB0C79C595B9C076 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E511757ECAEDBDF9AB0C79C595B9C076 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3764
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A5F34F40FCA8DBBFDDD43622DEEE55D --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3376
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=190089B656477DC1C834828FE12F1E02 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4176
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=439B56B6C92899E41B31CDA488D3AA2C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=439B56B6C92899E41B31CDA488D3AA2C --renderer-client-id=6 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5B691A53CEB1E504CB56EF5E7364E5D6 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b27a89fb0dd8989635632e92572a9e2e

SHA1
6983a0e12995535c8d4f4cc6a283792e4cf791ae

SHA256
8c7b3ad1838c06b18b23dd21e1f616c978fa4c2b2f9adce927273ba3ff3bcd7a

SHA512
dda8f1fc19f18086e6bda02aec4124cc3e167b9417f99433ef6316f0ccc57d070fdc9ea76dc102334a5c6794ae44a73a14588dbf84671edd499aa333e87c3cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
33e407e684ced4525f22ef8ef30470ea

SHA1
7d3f0f1f2e05b3235843a7a2142e12d35a0ba2ee

SHA256
6e2831213327ba38216a13f68616883d6e083b34f7c7c07c08654fc470f2f026

SHA512
6fbc5d6e4268c86303c41a77d3fdf77dd347ba62a9343e47cda3e9158a39e47e69f7b01896bab66265c516e78d69ac460c48d40fa0b23d3f263c3ad019f7deb8

Download Submit