Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/05/2024, 07:44
- Static task: static1
- Behavioral task: behavioral1; sample: Referenz Nr 160422900879.pdf; resource: win7-20231129-en
- Behavioral task: behavioral2; sample: Referenz Nr 160422900879.pdf; resource: win10v2004-20240508-en
General
- Target: Referenz Nr 160422900879.pdf
- Size: 131KB
- MD5: 32e6ff4158d9643f6dd01323501dac64
- SHA1: 8bd1d7b19225698a7c2d448049f2304f16a20b39
- SHA256: 0dbc3add5c2143f3c251332dc704ac6f17f6be113240152516b835bf2215175a
- SHA512: 86041020082af945dba5672f405edd86d89584a7c21140547f8e2449815fffa531a5e2c45f296b1814cf539c4c12a33075e46068af10a07f58442019ec14f602
- SSDEEP: 3072:aNvGk/HHIzGkTmFXZ49rF0P6EAEOwNByYpeQy6VC/hU:ov7yGrFJAU6DbwNoSeQyCC5U
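The behavioral run for this PDF only ever shows Acrobat Reader's own processes and records no network activity and no malware configuration. A practitioner would pair that with a static look at the file for active content before closing the case. The script below is an added example, not part of the sandbox report or of any sandbox's own tooling: it counts the name objects that make a viewer act on open (/OpenAction, /AA, /JavaScript, /JS, /Launch, /URI, /SubmitForm, /EmbeddedFile, /RichMedia), and it also inflates FlateDecode streams, because a /JavaScript action packed inside an object stream is invisible to a plain keyword search. The two PDFs it scans are constructed inline (build_sample); the real sample's bytes are not reproduced here.

```python
"""Static triage of a PDF for active content (added example, not the report's own tooling)."""
import re
import zlib

# Name objects that make a viewer act when the file is opened or a page/field is touched.
KEY_RE = re.compile(
    rb"/(OpenAction|AA|JavaScript|JS|Launch|URI|SubmitForm|EmbeddedFile|RichMedia)(?![A-Za-z])"
)
# Body of each stream object; the lookbehind keeps "endstream" from being read as "stream".
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
OBJ_RE = re.compile(rb"\b\d+ \d+ obj\b")


def stream_bodies(data):
    """Yield each stream body, inflated when it is zlib data, raw otherwise."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            yield m.group(1)


def scan_pdf(data):
    """Count action-related names outside streams and inside (inflated) stream bodies."""
    hits = {}
    outside = STREAM_RE.sub(b"", data)  # dictionaries and trailer with stream bodies blanked
    for blob in (outside, *stream_bodies(data)):
        for m in KEY_RE.finditer(blob):
            key = m.group(0).decode()
            hits[key] = hits.get(key, 0) + 1
    return {
        "is_pdf": data.startswith(b"%PDF-"),
        "has_eof": b"%%EOF" in data,
        "objects": len(OBJ_RE.findall(data)),
        "streams": len(STREAM_RE.findall(data)),
        "active": hits,
    }


def build_sample(active):
    """Construct a minimal PDF (constructed test input, not the sample from the report).

    With active=True the catalog's /OpenAction points at object 5, and object 5, a
    /JavaScript action, sits inside a FlateDecode object stream so that neither
    "/JavaScript" nor "/JS" appears in the raw bytes."""
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R" + (b" /OpenAction 5 0 R" if active else b"") + b" >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
    ]
    if active:
        packed = zlib.compress(b"5 0 << /S /JavaScript /JS (app.alert(1)) >>")
        objs.append(
            b"<< /Type /ObjStm /N 1 /First 4 /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
            + packed
            + b"\nendstream"
        )
    body = b"%PDF-1.5\n"
    for i, obj in enumerate(objs, 1):
        body += b"%d 0 obj\n" % i + obj + b"\nendobj\n"
    return body + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    for label, flag in (("benign", False), ("active-content", True)):
        print(label, scan_pdf(build_sample(flag)))
```

Run it against the real file with `scan_pdf(open(path, "rb").read())`; a non-empty "active" dictionary is the cue to pull those objects apart by hand, and a hit that only surfaces after inflation is the case a grep-only triage would have missed.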
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments. Here both reads come from AcroRd32.exe itself, which queries this key during its own startup, so the hit is not by itself evidence that the PDF is probing the environment.
  Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0; process: AcroRd32.exe
  Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz; process: AcroRd32.exe
- Modifies Internet Explorer settings
  FEATURE_BROWSER_EMULATION is the per-application switch used to choose the document mode of an embedded WebBrowser control. It is created here by AcroRd32.exe itself rather than by a document-spawned process, consistent with Reader's own use of an embedded browser control.
  Key created; ioc: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION; process: AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 4680, AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid 4680, AcroRd32.exe (4 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Every event is a write from a Reader process into one of its own children (see the tree under Processes); the 64 rows repeat three source/target pairs:
  PID 4680 (AcroRd32.exe) wrote to memory of 2864 (RdrCEF.exe); procid_target 92; 3 events
  PID 2864 (RdrCEF.exe) wrote to memory of 3256 (RdrCEF.exe); procid_target 93; repeated
  PID 2864 (RdrCEF.exe) wrote to memory of 4676 (RdrCEF.exe); procid_target 94; repeated
  Parent-to-child writes of this kind are how Reader's CEF host sets up its gpu and renderer children. The event worth escalating is a write whose target is not a child of the writing process.
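The WriteProcessMemory rows above are dozens of repeats of three parent-to-child pairs, which is what makes them noise rather than signal. The script below is an added example, not part of the sandbox report: it parses rows in the report's own flattened format, collapses them per (writer, target) pair, and uses the process tree from the Processes section to separate writes into a process's own child (what a CEF host does when it spawns gpu and renderer processes) from writes into an unrelated process. PROCESS_TREE is transcribed from the Processes section; SAMPLE_ROWS holds rows copied from the report plus one constructed row, 2864 writing into 2628 (CompPkgSrv.exe), that does not appear in the report and exists only to show the escalation path.

```python
"""Triage 'Suspicious use of WriteProcessMemory' rows from a sandbox report (added example).

Row shape, as the report flattens it:
  PID <src> wrote to memory of <dst> <src> <src image> <procid_target>
"""
import re
from collections import Counter

ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target>\d+)"
)

# pid -> (image, parent pid), transcribed from the report's Processes section.
PROCESS_TREE = {
    4680: ("AcroRd32.exe", None),
    2864: ("RdrCEF.exe", 4680),
    3256: ("RdrCEF.exe", 2864),
    4676: ("RdrCEF.exe", 2864),
    2236: ("RdrCEF.exe", 2864),
    4416: ("RdrCEF.exe", 2864),
    3036: ("RdrCEF.exe", 2864),
    2884: ("RdrCEF.exe", 2864),
    2628: ("CompPkgSrv.exe", None),
}

# Rows from the report (repeat counts shortened) plus one CONSTRUCTED row, 2864 -> 2628,
# that is not in the report and only exists to exercise the escalation branch.
SAMPLE_ROWS = (
    "PID 4680 wrote to memory of 2864 4680 AcroRd32.exe 92 " * 3
    + "PID 2864 wrote to memory of 3256 2864 RdrCEF.exe 93 " * 5
    + "PID 2864 wrote to memory of 4676 2864 RdrCEF.exe 94 " * 4
    + "PID 2864 wrote to memory of 2628 2864 RdrCEF.exe 95"  # constructed
)


def parse_rows(text):
    """Return (src pid, dst pid, src image) for every row in flattened report text."""
    return [(int(m["src"]), int(m["dst"]), m["image"]) for m in ROW_RE.finditer(text)]


def summarize(rows, tree):
    """Collapse repeated rows into one entry per (src, dst) pair with a verdict.

    A write into the writer's own direct child is the CreateProcess/CEF-broker pattern;
    anything else is a cross-process write that deserves a look."""
    counts = Counter((src, dst) for src, dst, _ in rows)
    out = []
    for (src, dst), n in sorted(counts.items()):
        src_image = tree.get(src, ("<unknown>", None))[0]
        dst_image, dst_parent = tree.get(dst, ("<unknown>", None))
        verdict = "child-spawn (expected)" if dst_parent == src else "cross-process (escalate)"
        out.append({
            "src": src, "src_image": src_image,
            "dst": dst, "dst_image": dst_image,
            "writes": n, "verdict": verdict,
        })
    return out


def escalations(rows, tree):
    """Only the pairs whose target is not a child of the writer."""
    return [e for e in summarize(rows, tree) if e["verdict"].startswith("cross-process")]


if __name__ == "__main__":
    for e in summarize(parse_rows(SAMPLE_ROWS), PROCESS_TREE):
        print(f"{e['src']} {e['src_image']} -> {e['dst']} {e['dst_image']}: "
              f"{e['writes']} writes, {e['verdict']}")
```

Feeding the report's real rows (and its full process tree) through summarize yields three child-spawn entries and nothing to escalate; the constructed 2864 -> 2628 row shows what a write into an unrelated process looks like once the noise is collapsed.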
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 4680)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Referenz Nr 160422900879.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2864)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3256)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A8C5FF6F53588B5D1BAF530604E59F2F --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4676)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=45D7E9561E9335CD770AC595B7207DB2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=45D7E9561E9335CD770AC595B7207DB2 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2236)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2C5F73FEB704C8F2742CF27FC5C97D6F --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4416)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0AFFBFA564BEA6EC34B8CCB357E4E1F7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0AFFBFA564BEA6EC34B8CCB357E4E1F7 --renderer-client-id=5 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3036)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B18C60774BCC4C06495B4FC97169A15D --mojo-platform-channel-handle=2728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2884)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E52C4BE238EED0A4B071291EC2CB1F41 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 2628)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 0313655575175c54b10a9f816b60c215
  SHA1: 20b36aebc22edd78a25b4201e2791abb9af98210
  SHA256: ed7d061cefa58bc7c78c225b7f980762655c8ead394194bda67b97d3f361d402
  SHA512: c55f839c6a6f3834140e7ee09e1e947f671ee7187910594e0c8e29653f235b8c971241688fc491dd225be58d6d990b40e5050e0c91cfba2e3d168b20e1922a4c
- Filesize: 64KB
  MD5: ba16144202a7ffd8305bff17dbe884f2
  SHA1: 4108e00e704c13a566c1d11b6df5fe5c618f2527
  SHA256: d27cd59c8ff3e88f7e365bd5dede78c641d9e1c3441531e6838870bc96f1c71e
  SHA512: db8cbdab315061996c7d1db826b7ce46138a6802fbe02584d198eff4d5bc39e4c68a104e9b8682f4caebc6f8146b04c6d076db3c0706137aa846a138112980d9