2c09379a174a8d95c67c8031660ff1e9aa8f0cabe51961eaa25df063b97dcad9

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2c09379a174a8d95c67c8031660ff1e9aa8f0cabe51961eaa25df063b97dcad9.pdf
Size

100KB
MD5

c0e2de7ffd65e9b891b57bb38f6be69e
SHA1

12a5d14c60fa8f4729afe5adc399177f688a889f
SHA256

2c09379a174a8d95c67c8031660ff1e9aa8f0cabe51961eaa25df063b97dcad9
SHA512

e1c49ddbc623cc2814c273838053adf22bc7f84fe652fc4b686eb2128bf7c52554213baecef5c6d6b3cb3aa1696b6163f727a0818631e4e9425189326f0d2d7e
SSDEEP

3072:BRbM9+8AiztgfaweKeUddddddddddddddddddddddddd7HLjTZn2/qpibc+s:LbZ8AvaLKRddddddddddddddddddddd9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
632	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
632	AcroRd32.exe
632	AcroRd32.exe
632	AcroRd32.exe
632	AcroRd32.exe
632	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2504	632	AcroRd32.exe	87
PID 632 wrote to memory of 2504	632	AcroRd32.exe	87
PID 632 wrote to memory of 2504	632	AcroRd32.exe	87
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 1988	2504	RdrCEF.exe	88
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89
PID 2504 wrote to memory of 3460	2504	RdrCEF.exe	89

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\2c09379a174a8d95c67c8031660ff1e9aa8f0cabe51961eaa25df063b97dcad9.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E7F205F852F83408080F92C8868A591C --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1988
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8C55E6432EA5D0F9DEF3CC9811B79B0E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8C55E6432EA5D0F9DEF3CC9811B79B0E --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C0BA644E03CEF26A424180FE680746A0 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=933D14C8CC67E650079D1B1DF525F8BC --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2232
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=10DC35A616BC7765A78DB61308A02C65 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=10DC35A616BC7765A78DB61308A02C65 --renderer-client-id=6 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B008A2C130CA5D819B43296AF36AE5A --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
29fb62cc8ac66977448ef5c38df32d55

SHA1
1f2344e21438eafdb83673a085f9c8dc1dac53e0

SHA256
5d542ed0796bd7bbc2d93b591867eb5de171409797e3a64c4556898096e4f280

SHA512
78cc7dc15663d019b95c1c5679adbd7b42d4d9f0a124f15199d2e640a8ac22e934f7628d1a0d9bd9dd4d61534b02f21644b23da739a4741d6302709257eca6ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b775d2641b038bcad43125fb092ba25e

SHA1
1d7ac6a4b1fa7145dee2634e36353abfd6c5e2cd

SHA256
812adc65c4b0f1960fa8723fcc7eebbd43c24c950e0b9464fa47c51a645c5a23

SHA512
e3f791ef80feac203b07bb2bdb35f0a41e6f4ed7a9b1b56231e48f65f596a9877b11a13f4f5648d22dae5b7162ed74f2156ce5e23219917bd2f7c1110d8d2535

Download Submit