c237b3ca410da44aa7d4d95de75981cbfc528784b1a0703e701827a1421d6dc7

Analysis

max time kernel
87s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

University Physics 15th ed. with Modern Physics, Global Edition.pdf
Size

218.7MB
MD5

8903d3a0b089d80bdf6c1bb55e1a2f43
SHA1

9689fabf71cf9e08c0822f870f22a41a7769f272
SHA256

c237b3ca410da44aa7d4d95de75981cbfc528784b1a0703e701827a1421d6dc7
SHA512

808b36b886238ed738625a2046ebdbf6ed603a3aa1c7220e7ff5697c15ad5e0592d7b998edb73a1b05bc9e412537aa44f495ceb1b4de6c31c37a382376e9caa5
SSDEEP

6291456:+QiMkuElzARGR4227VXZ2ePZC+VeHcOzc5Gf:gJgGN2ZQvce7QUf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
344	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
344	AcroRd32.exe
344	AcroRd32.exe
344	AcroRd32.exe
344	AcroRd32.exe
344	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 608	344	AcroRd32.exe	89
PID 344 wrote to memory of 608	344	AcroRd32.exe	89
PID 344 wrote to memory of 608	344	AcroRd32.exe	89
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 4080	608	RdrCEF.exe	90
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91
PID 608 wrote to memory of 2924	608	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\University Physics 15th ed. with Modern Physics, Global Edition.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:344
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:608
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C4D5D233F706DC2084BCC24A2473E4D1 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0CDB46F88223BF4EAFBAA46B524B43A2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0CDB46F88223BF4EAFBAA46B524B43A2 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2FD5C6A94A3A8D38CEAEE463F2134191 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2040
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04D24A1322331624C60D244B184090A6 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1320
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7F29263E4AEDF8B161EF3862DFF1877C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7F29263E4AEDF8B161EF3862DFF1877C --renderer-client-id=6 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=368212686EFA5E4E78C46EDE5186E53B --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ea73b550791c59737dd39865117c2f62

SHA1
7cd41af697756e1bb677701a4f523e094b88f6e5

SHA256
39d700c8e214cc16656cc4470f1ab5bd9cf230ce0597bec4e5a16aa2f06e7424

SHA512
81b39a6b9cca5f0aa951289569975ea441e900356eaf6f7923ac4760756e2945d87d3208511cbdfe6d9d1d927dd8cc8eaed61ab428771543160ec725dfa6d886

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ed6a52560dcd71c9609031fbab66e606

SHA1
1ce8c6c0afe61a07b5e1129f12389f741844a228

SHA256
226bd0e734da734eb128e7ad40dbeb6433e9037517f021d7392cbb20c2784fe0

SHA512
4daac8c950949dfcb0a5c1aac01a6914809d3e4d01bac23c9f7b2d3c693d3705e7c79285d935b762498f23f5ff0232208eb0a08abddce9460c24166e5db593a2

Download Submit