2865c2e74aa503d8f234520f328f32f4a6e60e38eb362b742299600e58d09a22

Analysis

max time kernel
140s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 16:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Acondicionamiento de la Señal (1).pdf
Size

1.1MB
MD5

dbbb91890144ddd4d47d1e312fb730c3
SHA1

52745fc2efd11cc92b5520d6896a67e7d742be00
SHA256

2865c2e74aa503d8f234520f328f32f4a6e60e38eb362b742299600e58d09a22
SHA512

658a94d13dc0cd604e72ba126534d9f12a668e7285e397aaca48b037b162665f78f8af55d97720f41d5996f2c2744ce23f72eb88c551ac073f32e6a9afdc8c51
SSDEEP

24576:hONwqEqXhCJzmlPT/IfbseZOX7NF3l4y4eVMAclRksbZN:hOTPxCkeA7NZlB2AclasbD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1892	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1892	AcroRd32.exe
1892	AcroRd32.exe
1892	AcroRd32.exe
1892	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 4488	1892	AcroRd32.exe	91
PID 1892 wrote to memory of 4488	1892	AcroRd32.exe	91
PID 1892 wrote to memory of 4488	1892	AcroRd32.exe	91
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 4888	4488	RdrCEF.exe	94
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95
PID 4488 wrote to memory of 2752	4488	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Acondicionamiento de la Señal (1).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09FDCB5EABA70D27CFF5601A2DD01AE5 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4888
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8DF7F419C62C7F38FB6FED617A5749F3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8DF7F419C62C7F38FB6FED617A5749F3 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8AD016859572C784D17E18F7BD500B3 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3172
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CA26968981A48F810C9E7425D80FDC91 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CA26968981A48F810C9E7425D80FDC91 --renderer-client-id=5 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2032
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8D529CE906B49BDF719E589A6C66CD14 --mojo-platform-channel-handle=2592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1964
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08CFB1954852442AC9FE42CA7B247EFF --mojo-platform-channel-handle=2856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
a6d2ea3b79b441545b7e8f7a6f17431c

SHA1
c7d4dad7187490f71540bc59ab4d79dc7e7894e9

SHA256
c3f8594be1377813dd4d3ed6b9fdbb66b256a2bd8258bb2bc5b5aeb26c3913bc

SHA512
832775ae6a8b6e2f917af2d891db5bba96caacb45973eaaabe0ff4c60c54ac866ca4030870228cfc258cc32291d03d3dfa39defc7b181abf1c1bb64e564d2a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4e6864a78aa913c3ea4c78592a14850d

SHA1
8c80761792bfd4dddf51e8fac7371c8cbb16804c

SHA256
f438e6bc0941bd85dd8df27766a4b6c91e5f35575f0ddf95a663d58f1d041f31

SHA512
3489aca6b74d24ecc3fb4af353a2a5210d6d5432968a33c0c96f969ceb8eb6d7b39a603205512a1aa95a0bcb5cbb940184e6828cefa318806ba1355dc4e81c0c

Download Submit