Analysis
-
max time kernel
51s -
max time network
56s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
11-06-2024 20:45
Behavioral task
behavioral1
Sample
0162e6dc33fbb700e918c52f7249b6f0_NeikiAnalytics.pdf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0162e6dc33fbb700e918c52f7249b6f0_NeikiAnalytics.pdf
Resource
win10v2004-20240508-en
General
-
Target
0162e6dc33fbb700e918c52f7249b6f0_NeikiAnalytics.pdf
-
Size
143KB
-
MD5
0162e6dc33fbb700e918c52f7249b6f0
-
SHA1
80cb4500a38282c6a9c47ecc8b0f808e09f3899c
-
SHA256
1bf1aee5db7fe91e0cc25e5ed64857b218c5780ed560883fd87a864447b6ac77
-
SHA512
f26168db8328059a9ab989b18fad99d865804bfd5aa1829d5ea5d4ed5ab9151ee014e91795a670918a6424ff8260a932557dab28272d11d7c944d4a530153037
-
SSDEEP
3072:Oa80i56CLq0VahjnvBmH7m7yjZmfuQ+oEH9R2ZiUuJVovpe:OaVXeKjnvB+mLfunoy9eS
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2128 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2128 AcroRd32.exe 2128 AcroRd32.exe 2128 AcroRd32.exe 2128 AcroRd32.exe 2128 AcroRd32.exe 2128 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2128 wrote to memory of 4136 2128 AcroRd32.exe 86 PID 2128 wrote to memory of 4136 2128 AcroRd32.exe 86 PID 2128 wrote to memory of 4136 2128 AcroRd32.exe 86 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 3100 4136 RdrCEF.exe 87 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88 PID 4136 wrote to memory of 5096 4136 RdrCEF.exe 88
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0162e6dc33fbb700e918c52f7249b6f0_NeikiAnalytics.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:4136 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08511F0651BF57A0326FCD347FC5A701 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3100
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=08265ADE41C7B1CFF785D03C1D7DF78C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=08265ADE41C7B1CFF785D03C1D7DF78C --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:13⤵PID:5096
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C39B3E714F4B51496C6560A57AC09D1D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C39B3E714F4B51496C6560A57AC09D1D --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:13⤵PID:4692
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3394F3E055B3B3EC9377A19C05313AF1 --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:640
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=07469743502C08D571AAF6A0C6F0352C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=07469743502C08D571AAF6A0C6F0352C --renderer-client-id=6 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:13⤵PID:4332
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5B0326DC55509B5A9037DE3A5D866EF1 --mojo-platform-channel-handle=2972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4404
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0CC415BAB9C752A5E61CFA91179C8DC0 --mojo-platform-channel-handle=2644 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3908
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3692
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5f903222ced601342ef5b9385ab479c54
SHA19dbc0f0460b50a46e1605a04a6b23c8b525cfc1f
SHA256c12063173f0c1cca40d84a0a23f3e8fa122f5b6e50f92c77c0dbf1e9702ebb40
SHA512c0573981b99372155384efe5591fe98d30eaf86ec21e8095625ad069c1f2fee800cfa3e69468a1b7aec5cb7889981824ff17d78921979340519fcdf967ba37ec