Analysis
max time kernel: 147s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 18:45

Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: [Untitled]-1.pdf, Resource: win7-20240611-en)
Behavioral task: behavioral2 (Sample: [Untitled]-1.pdf, Resource: win10v2004-20240508-en)
General
Target: [Untitled]-1.pdf
Size: 125KB
MD5: b51adf1e0aef55636d43d7f28b064962
SHA1: 44f24209a0eb93ac77d3e68f72906c570f5cfb3d
SHA256: 53f8210e8c988ef81aeab6870c0a20c06ba4611bda38337dd612840886627012
SHA512: bf88b9fdfa13445f7ae9ab68f59689e3cdfe7e9f62bbb1d1d2860dc52f1c8a3805216687113684fe00b5fcc9436d2d602b3dda464d5f18edf0c09782c4a432a4
SSDEEP: 3072:X72n73hN1Xm5PDCCOGnyDAIKqNjPlM4qGtLGU2VQ9B:X7273j12POGnyDACG4qGtx2VMB
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
  description        ioc                                                                  process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe

Modifies Internet Explorer settings 1 IoCs
Processes:
  description  ioc                                                                                                                                    process
  Key created  \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
  pid   process
  1436  AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
  pid   process
  1436  AcroRd32.exe
  1436  AcroRd32.exe
  1436  AcroRd32.exe
  1436  AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs
Processes:
  description                       pid   process       target process
  PID 1436 wrote to memory of 4780  1436  AcroRd32.exe  RdrCEF.exe      (listed 3 times)
  PID 4780 wrote to memory of 4552  4780  RdrCEF.exe    RdrCEF.exe      (listed repeatedly)
  PID 4780 wrote to memory of 312   4780  RdrCEF.exe    RdrCEF.exe      (listed repeatedly)
  The three distinct rows above account for all 64 entries of the original table.
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\[Untitled]-1.pdf"
  PID: 1436
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 4780
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA94C727820D0D8AC30D4567527A65A7 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 4552
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9F1E3BF526D066F2C1DDDB8B9E630C42 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9F1E3BF526D066F2C1DDDB8B9E630C42 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
      PID: 312
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=601FC8AE673AB5B4B4019F35D5BADCAA --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 512
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DBD95AB5A87F2F5D6BA7FA12D0EA6C95 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 2288
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0A0372A7A2DE075B86826D45853672CC --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      PID: 1368
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5D3961CC1E7A567B488A2DBC86963068 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5D3961CC1E7A567B488A2DBC86963068 --renderer-client-id=7 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job /prefetch:1
      PID: 4908
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 788
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: b5daeb49899fc9d2714777901a9ff8f8
SHA1: 65d8a8a8a5572dc795d96a0ddc9b070981af7fe2
SHA256: 595f6db094b4ba751ae3a677d5129e48bae9a0f1e9d6016806fef2ecd4ecb60c
SHA512: 89cf6ca906735856e395306c192deb4d99f58292619ee60c1e047b7dfff4b6936d126f4d1c3d72e7a0507cc0a9f360f8391075da6cd77d1987d256d78676a9d8