Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-06-2024 18:20
Behavioral task behavioral1
- Sample: inv_12686649_70.pdf
- Resource: win7-20240221-en
Behavioral task behavioral2
- Sample: inv_12686649_70.pdf
- Resource: win10v2004-20240508-en
General
- Target: inv_12686649_70.pdf
- Size: 146KB
- MD5: 780080fdd3b09812e7329ab1308409d4
- SHA1: 901de9e3c14f73db53090e2a16a357ad801eda8e
- SHA256: f131453992793c7fbe9106dc0577e9d9491eda42b310de49a54cb4fd14d12756
- SHA512: 07ccf76c406156f309bd77aac4bae6460985fdc83a3fa27bb3dce867f4ed712ea6b842087624c4fdc268c4c98dff4e0536481b65b2fbb537c77975ea51b06612
- SSDEEP: 3072:EwxrC5R0JjZe+xDSjmwR8WKDZDzE4Gv/icEV:bxrC5KJjZZYmFl9zETZEV
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
- Modifies Internet Explorer settings
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  2108 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  pid | Process
  2108 | AcroRd32.exe (row listed 4 times)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2108 wrote to memory of 4632 | 2108 | AcroRd32.exe | 87
  PID 4632 wrote to memory of 1972 | 4632 | RdrCEF.exe | 88
  PID 4632 wrote to memory of 3688 | 4632 | RdrCEF.exe | 89
  (each of these rows is repeated many times in the report; only the three distinct rows are shown, 64 IoCs in total)
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 2108)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\inv_12686649_70.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4632)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    Child processes:
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1972, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D5C2B03E58D7F4C95E950B9F778E40F8 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3688, renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5CB10FCA162E999A0F11C09525018D40 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5CB10FCA162E999A0F11C09525018D40 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2252, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5EC325AF43F89B4BD34550378C637866 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4844, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B202A72EC49E4AB6045218C198ECBC8F --mojo-platform-channel-handle=1928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3568, gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2445ED57F2360C7B52FBD1C8B232276F --mojo-platform-channel-handle=2388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4720, renderer)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5973090E2D2E11A5A49F6240BAA799D5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5973090E2D2E11A5A49F6240BAA799D5 --renderer-client-id=7 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 4496)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
- MD5: 6c800ccea627ce7c46133f4f5d75be20
- SHA1: 9a6c59a40e964a691748c6b170bb9c1816c8f007
- SHA256: dced0a77a00d0aab6f904b3b68ea461e6e0fb756ede4fdd55b46c9b93a731902
- SHA512: a73e983f6c154ddb6d80ad542744bab99e1c90e3770bb1b4a073922258fac371c97ed2284b578c0154aec33411df4753a7ee9c5ed5669ca605bd57f1fb35f671