Analysis
- max time kernel: 134s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-06-2024 03:22
Behavioral tasks
- behavioral1: sample 8b9ae228cbde0c2a31c4f0c12e2810c0_NeikiAnalytics.pdf, resource win7-20240221-en
- behavioral2: sample 8b9ae228cbde0c2a31c4f0c12e2810c0_NeikiAnalytics.pdf, resource win10v2004-20240508-en (the run reported below)
General
- Target: 8b9ae228cbde0c2a31c4f0c12e2810c0_NeikiAnalytics.pdf
- Size: 98KB
- MD5: 8b9ae228cbde0c2a31c4f0c12e2810c0
- SHA1: 229ab80b081856b00f98816b6dc9a95aedfe6b4b
- SHA256: bb7045625e5a0d8476490ff3c0fc85c86297c189bbb5a7978ccea53b51966f44
- SHA512: 5765c064bad180d7312768245af93903b86ee831b46522ad12c4fdd6b5b80ff4a7b4bcf2931f4f36970a6b2e54ea7daf12affb58238ca3bfae9f1eb3c1c20819
- SSDEEP: 3072:d1JkXIP/6ajeuc/YpiQiumakQthXTCcmZBP:vaXI36Qeuc0Bmq1c
Malware Config
Signatures
- Checks processor information in registry  (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                     Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
- Modifies Internet Explorer settings  (1 IoCs)
  description  ioc                                                                                                                                        Process
  Key created  \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
- Suspicious use of FindShellTrayWindow  (1 IoCs)
  pid   Process
  4128  AcroRd32.exe
- Suspicious use of SetWindowsHookEx  (5 IoCs)
  pid   Process
  4128  AcroRd32.exe  (5 identical rows)
- Suspicious use of WriteProcessMemory  (64 IoCs; identical rows collapsed, count in the last column)
  description                        pid   Process       procid_target  rows
  PID 4128 wrote to memory of 2536   4128  AcroRd32.exe  92             3
  PID 2536 wrote to memory of 4404   2536  RdrCEF.exe    93             41
  PID 2536 wrote to memory of 1344   2536  RdrCEF.exe    94             20
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe  (PID 4128, depth 1)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\8b9ae228cbde0c2a31c4f0c12e2810c0_NeikiAnalytics.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 2536, depth 2)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    - RdrCEF.exe  (PID 4404, depth 3, --type=gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6C17DE188E74D513CC71EB38E6635A4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe  (PID 1344, depth 3, --type=renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=601C6A11DB2ADC549A4544E3A45D916B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=601C6A11DB2ADC549A4544E3A45D916B --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - RdrCEF.exe  (PID 4456, depth 3, --type=gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46F2BE12B55FF9B97EFE1492126C07F3 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe  (PID 3728, depth 3, --type=gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F68E5935F7B0D86B406F246EE6C353F --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe  (PID 3940, depth 3, --type=gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=162752C6127969E6E3AB42694618C585 --mojo-platform-channel-handle=2356 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe  (PID 4956, depth 3, --type=renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E02792D04B06575AE9DBE98940053B10 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E02792D04B06575AE9DBE98940053B10 --renderer-client-id=7 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe  (PID 2668, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
  MD5: 0c86a8815f7c9ae7a5852adfeadc06b1
  SHA1: f4abd6013d46e35d65b575f13d40f1b961692176
  SHA256: 78c3eda80d61388ef0b530aa3f6f648044f79898fae5f5aa5e58b04c4e5a8fcb
  SHA512: 8b473220091209a74a5923dd8f25bd550248b0ac084b4cd04bc841913cf899238207d15e1ffe739b5a60993041d26b31356ba511c375456bd5ade09a9404e957
- Filesize: 64KB
  MD5: 472d1e6af99245d5c216bf6786c821a4
  SHA1: 3ff079fc0725eb1e210ec257a41e084d4905d591
  SHA256: 7bf8c944a4c35bab436202124844901df29ac4efee95b82b0f4c893f3a35af58
  SHA512: 4e6b9e7f67547ae52f92876050cc3dd5d6b885772ca62e5b1c0fd64b47ead7ab1312dfef3bd57dad05ac3c4a213c3956d2202869fccc91dd1b61635833aaa346