5e4d40fcd8b22453a5da2d32533b128f2565f3fc7a4d1647a93c86cdbb4be37a

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file-example_PDF_1MB.pdf
Size

1017KB
MD5

ee7ac8084eeab08035fdcb47bfa81931
SHA1

cec8ad914b1e9db83626b98e8d98512616975fdf
SHA256

5e4d40fcd8b22453a5da2d32533b128f2565f3fc7a4d1647a93c86cdbb4be37a
SHA512

c869ae751e3b12477ad19f67d351d4f3ecd312fcbce41c65b1426e214b6121ac2c74ef360e1051b632ff6809681843737161c57aed73409fa62e48476070f6c9
SSDEEP

24576:kP1p69hiOKGbu2xopr6hCO08T+3ixC69eMvbA+kJD3uJ:A4i/Iivp8BkQ07bo

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
924	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
924	AcroRd32.exe
924	AcroRd32.exe
924	AcroRd32.exe
924	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 2328	924	AcroRd32.exe	86
PID 924 wrote to memory of 2328	924	AcroRd32.exe	86
PID 924 wrote to memory of 2328	924	AcroRd32.exe	86
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 2416	2328	RdrCEF.exe	87
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88
PID 2328 wrote to memory of 1744	2328	RdrCEF.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\file-example_PDF_1MB.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=494B564E6CA813BA68EA24DF4C3A6EA7 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2416
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=102BE83106585140E3A367E3063C6291 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=102BE83106585140E3A367E3063C6291 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BA723E5FF4019536E69BD53EE43A87E --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4664
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B67BCA5F705F254C9AE4B019A586102 --mojo-platform-channel-handle=1932 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1680
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4BDC9DC5519DDD7B4896375F361DCFF --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1184
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=61F2824EB30553AF9C05EEF8EC0072C6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=61F2824EB30553AF9C05EEF8EC0072C6 --renderer-client-id=7 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
66950b82189690791c8d6997e5dc97ed

SHA1
4e1fb41e84a7bf78d92124ffba23c4c3141fdca1

SHA256
4ea532d70948dd543d45f1497e7635bd04b9a783f9845ae87439c7bf27db6c9e

SHA512
bc5cae59928247a276515bba7a4bb72cc1d31ea741ae90e7894c0642195040433784dc4b2470d55cda9ed746dec038a9677551dba47545a0e441aa7340f36ec9

Download Submit