3106f59adfdac6f70c737e480b89c4698909f25d5da04bd594d2314d8e14c9be

Analysis

max time kernel
134s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Monatsplan_August.pdf
Size

48KB
MD5

b9546cc800423987ba74e617ad835a69
SHA1

cc2a0ce124a15a8e2846b001272463c70e182095
SHA256

3106f59adfdac6f70c737e480b89c4698909f25d5da04bd594d2314d8e14c9be
SHA512

24e8e43c0d0aaa49afaefdb4c2c27d78b3f51d387c87843160ca33ad3ef2a36b3b50b2adf21103485b6b2460ea296b26148594d3baef791727a02be7662b74f5
SSDEEP

1536:vV5p1xXFnJkmEHfROt9KTrBb1o8zQj0ejpZ:9LHFneTHJ2YBbpkj0edZ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1952	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1952	AcroRd32.exe
1952	AcroRd32.exe
1952	AcroRd32.exe
1952	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 228	1952	AcroRd32.exe	91
PID 1952 wrote to memory of 228	1952	AcroRd32.exe	91
PID 1952 wrote to memory of 228	1952	AcroRd32.exe	91
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 5080	228	RdrCEF.exe	92
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93
PID 228 wrote to memory of 4156	228	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Monatsplan_August.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=214CD16B497B98209E49A6DD009A6773 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9BFBCA50A9DF8882E5CE34B3661AE8F3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9BFBCA50A9DF8882E5CE34B3661AE8F3 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4156
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=570AEC3464045F37C7509877C8B130C7 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2156
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B84268681F9D08278EA21D7DE17A298 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4496
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B518372A96CAD1DEE1C7021E225FD71D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B518372A96CAD1DEE1C7021E225FD71D --renderer-client-id=6 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5000
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=60141059B9BC25DDAA54B5172553573F --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
289ac09ec57836ca9f446f655c250d00

SHA1
43549dde0249ca38cee2bb1ed6fb9808a0c7ea8a

SHA256
756f46679407c9449d04c6230840bac6d153cc2a9865903f063aa3c45d3ecd38

SHA512
68b0af456ff30c2c1132adbce9058e21dd861116af30d3ce6fca9280d30abc1e1422d4e0e450b2cf3e23ccf230db38821a94b385bf5c41730abbe1f705a9c949

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e9e60846c04d52fee840bba3e489cecd

SHA1
415ea3d31354e98ed92447a67cfdac7548238e7b

SHA256
4cb87b673167a16dba94dbab2ade689a4dff2111409766c4eae46f76d07f9295

SHA512
4f36a862c08363f031702f2b826e1d8a70290557f6ef7c918b7d1facf1a557d4f3a0a8de4e0a950f84727a1f991bd6d4511a9775effddd015b4c0dad61deb3ed

Download Submit