Analysis
max time kernel: 136s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 21/05/2024, 02:05
Behavioral tasks
behavioral1: Sample 73436372136.pdf, Resource win7-20240221-en
behavioral2: Sample 73436372136.pdf, Resource win10v2004-20240508-en
behavioral3: Sample Maersk-BL-Ref0929339041333 47367282378722.scr, Resource win7-20240221-en
behavioral4: Sample Maersk-BL-Ref0929339041333 47367282378722.scr, Resource win10v2004-20240426-en
General
Target: 73436372136.pdf
Size: 90KB
MD5: 1de69a350c67b6294f30fcc6bf4d6841
SHA1: 588ad3384af12fb43e57acb64a435e345d9afeeb
SHA256: 93a90d35444c319167d04a070c4c4c0a149eda1694ad006d274aa11087b92758
SHA512: c18ac7414417c5f1903a2c625b515765116c6692e3e1cd31aefd3112275529c1a730aaa4015983e585f79b1668671c7ea7540dd20f44af47a9173d3ba59f70b0
SSDEEP: 1536:DYkp3DC/ZuNDsHQ2pJCwWfrxPbRQhwQqs/qF3ucMMlizNfIUvDr7YcHKzT:D39CxWwHQ2pJC1zRQOcMFkzNfIULrs9f
Malware Config
Signatures

Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0      AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe

Modifies Internet Explorer settings
  description  ioc                                                                                                                              Process
  Key created  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs
  pid   Process
  1236  AcroRd32.exe
  (the report lists this row 20 times, once per observed call)

Suspicious use of FindShellTrayWindow 1 IoCs
  pid   Process
  1236  AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs
  pid   Process
  1236  AcroRd32.exe
  (the report lists this row 6 times, once per observed call)

Suspicious use of WriteProcessMemory 64 IoCs
  description                       pid   Process       procid_target
  PID 1236 wrote to memory of 2148  1236  AcroRd32.exe  89
  PID 2148 wrote to memory of 1428  2148  RdrCEF.exe    90
  PID 2148 wrote to memory of 2300  2148  RdrCEF.exe    91
  (each row is repeated in the report once per observed write; 64 entries in total)
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\73436372136.pdf"
  PID: 1236
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 2148
    Signatures:
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C90AD94EAB0CB49BE2213F7CA55F3A2E --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1428

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=922658528E86D75EB20627801886ED8D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=922658528E86D75EB20627801886ED8D --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      PID: 2300

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61256CE62E2A419F8AC191BAE68ECBAD --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 884

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=985B7F73373B1437C9CA9F0BCBA45FFF --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1920

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1275F049477D8A28CDE92053F5732ACD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1275F049477D8A28CDE92053F5732ACD --renderer-client-id=6 --mojo-platform-channel-handle=2508 --allow-no-sandbox-job /prefetch:1
      PID: 688

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=94BD0E60A49F139AB94107975ABC37B7 --mojo-platform-channel-handle=2816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 5036

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3632
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: dbc8ef81e566fceef6625a0c8ed8a0cf
SHA1: 064f1f92a4281f141bf29b39e196a36b45f1c142
SHA256: caa0269887c81bb99b62d8c931e5f938bcc84f4422bfb18d0b4cccd3a541db82
SHA512: dec5127240d054d3740c6863927805f68efe0ebe78d7cc662f5b99fc3074734b5553a6565a9892ee108529f2fc72cdaad13d678e5fc80a1176513adba8f30c6d

Filesize: 64KB
MD5: 3667d8c096fb250c59c634965856b03c
SHA1: b566031bff29cf88ce26fab94fbdcc58a6b41960
SHA256: b44b2b41de85b199c3fc784199c73ffd4f150253f8c2ac8656d6303cc715136c
SHA512: 033555ddf8d8b2d3c6a670c2d6717c2f5385445ea4d153a46dbf8b09bdb992ea62ce900864aadbe667d4e8059b00f3bf8656f6c94f54ff567dc17bdf96bd2ca3