Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/05/2024, 10:30
Behavioral task behavioral1
  Sample: b2b384411a16fc1ae7953ac201ac1d20_NeikiAnalytics.pdf
  Resource: win7-20240508-en
Behavioral task behavioral2
  Sample: b2b384411a16fc1ae7953ac201ac1d20_NeikiAnalytics.pdf
  Resource: win10v2004-20240508-en
General
Target: b2b384411a16fc1ae7953ac201ac1d20_NeikiAnalytics.pdf
Size: 67KB
MD5: b2b384411a16fc1ae7953ac201ac1d20
SHA1: 15bea712ee9d36533c8b20df0af8f067ac1a30fe
SHA256: f202060a5a8b0a16fc2e5f886a9b5bc33f066ccc96c3aa34831343489b4e77d3
SHA512: 9eca23f941e2bed7028b2551901a97e3b552ddc0aa91a9bc3172aa92ba495ca2ccd1a601d49ea4bb7fad2d24bb987eb3d8f4a4bf6a506e4764f57dfbd92a2ac6
SSDEEP: 1536:On+p9svd+b166muHcgivWGMCeo3DNjgOrIBjF6+bdaR8V3pcJWw2la6kT3qg:SHefGMF8DyG2pbu8VW/2lHqZ
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description: Key value queried
    ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
    Process: AcroRd32.exe
  description: Key opened
    ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    Process: AcroRd32.exe

Modifies Internet Explorer settings
  description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
    Process: AcroRd32.exe
Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 2696
    Process: AcroRd32.exe

Suspicious use of SetWindowsHookEx (5 IoCs)
  pid: 2696
    Process: AcroRd32.exe (the same pid/process pair is listed for all 5 IoCs)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b2b384411a16fc1ae7953ac201ac1d20_NeikiAnalytics.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2696

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    PID: 2836

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=554D60B3D6D26434A029737ACB5A4881 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1436

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CB40B1B0E9E1E81E0E3B2B7052E6E950 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CB40B1B0E9E1E81E0E3B2B7052E6E950 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
      PID: 3656

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B5877C8D4629051AFBDFDEC16B07769 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3564

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0B1793CE5D71E7E76986C8581C3C62C7 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4716

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9959EAB821CFE4651130DE3B9C1ED59A --mojo-platform-channel-handle=2604 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 3180

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=91A356CAA8EF2613321FFCD1788BEED2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=91A356CAA8EF2613321FFCD1788BEED2 --renderer-client-id=7 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job /prefetch:1
      PID: 1580
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: fded9e82f84e19ffc84b1dd66167ceb3
SHA1: c2052749f6427c55fa709a78f63106605a24542b
SHA256: 1dad1aaedadd126e9c3663f21888909666145058116c64919d299cc2491bc9b6
SHA512: 2ade22bec83786a88556526200c85b582eb172efaacd774d0538b3c0c7b95a7d98fd3cb90d00a53d28072ed1a6b2761b08a2f33dce95d93159547d0d7ebdd130

Filesize: 64KB
MD5: 817f3fdb04e82f55ce83ef26db4da749
SHA1: 18e3ea0832af6682669650376d668732df6713eb
SHA256: 207979c3a3c39e6ed527e3a40b4691b9f014739c096d7d018c68ccb4f1cada16
SHA512: 682dd7bf5f1a0cb80c16e4d0af5b6b24f585f645a69db098eda363de1d269a09a995c4b69f9e0fa3174bf2b727786737637851b61fa3fe4c642fa1928daa806e