Analysis
- max time kernel: 134s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-05-2024 13:12
Behavioral task behavioral1
- Sample: 3abe96a65ee79510126d6c7591e66090_NeikiAnalytics.pdf
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: 3abe96a65ee79510126d6c7591e66090_NeikiAnalytics.pdf
- Resource: win10v2004-20240508-en
General
- Target: 3abe96a65ee79510126d6c7591e66090_NeikiAnalytics.pdf
- Size: 253KB
- MD5: 3abe96a65ee79510126d6c7591e66090
- SHA1: 5157da0a4daf9e407b6cbfeefc626f2b92bc78a4
- SHA256: f74ec8372bff80cb0d61f80cd9fafa1c7a851c37f9f3d28e68b69839f0c9a391
- SHA512: 827529c05a9975b0aca1c182dc303d9030ff1192de53d136a2865ec3a4adfb913f664690500f37674d57c34415b90f87806f7e58d47cbed76a3d8a2bcbbf4e3f
- SSDEEP: 6144:c2xWMLZ+0gDfS/GC9IEWwa1uQImh150c6n5aAKVMZhDfYqic:NzLDxGC9IEGemh1ZS8AKSWc
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  2796 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  pid | Process
  2796 | AcroRd32.exe (5 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2796 wrote to memory of 2188 | 2796 | AcroRd32.exe | 88
  PID 2188 wrote to memory of 3548 | 2188 | RdrCEF.exe | 91
  PID 2188 wrote to memory of 2460 | 2188 | RdrCEF.exe | 92
  (64 entries in total; identical repeated rows are collapsed into the three distinct source/target pairs above)
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 2796)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3abe96a65ee79510126d6c7591e66090_NeikiAnalytics.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2188)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3548)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CF2C2A3D0406DDC120A2564C34AA58A1 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2460)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7544E7B4E39164A8F9CE377E01395AAD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7544E7B4E39164A8F9CE377E01395AAD --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4224)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46663CB49EBE9B7FB0CE0FD73E150D52 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2104)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E873CBA460FDFB78D8EE464157CD657C --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2172)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E51C5AA325AAE2C0DDCFDD9D9A3F82A7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E51C5AA325AAE2C0DDCFDD9D9A3F82A7 --renderer-client-id=6 --mojo-platform-channel-handle=2108 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3864)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B0CC23827D2B4FCD77C778CCE9E2E9E6 --mojo-platform-channel-handle=2732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
- C:\Windows\System32\CompPkgSrv.exe (PID 1284)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: e70f0128125d1705e7f0a702cc4a198d
  SHA1: 753898d577a904b7d59c9d57149bf1460c70966a
  SHA256: 23f26a01576d891afc2cb5cb5fbb1748d56fdad9e216d4fc737cdbcb3b7cd2b6
  SHA512: 9974334b1d070ec62fe4cc475df2075cb1c6fa2406b890c153ab48f798c858a65e2bd8f396f4807eb2b12f0028bb391c0699b7ed71d0cab365593fae6b7d5aaa
- Filesize: 64KB
  MD5: 65f5a3669fd9d395d98e54a6df618b7f
  SHA1: 1156b1541510dd45942a2c481bef473410f917fa
  SHA256: 41f51455817b51a1cb744c4d69294fbc0e373bb2fb69ebcdb12da31608a3e6a4
  SHA512: c299669944cb2202c6e2599eee11d3e36a83da0eb38b41923b6a893cd903c5b94835a02b25ec96230d239bb2a3869cda615989fea7c3921af436e3ecd52ffa2c