9e410231d0fbfb9afb1fef1f411588a9f07307ef0114457f53112aa729dc4f6a

Analysis

max time kernel
94s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 15:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9e410231d0fbfb9afb1fef1f411588a9f07307ef0114457f53112aa729dc4f6a_NeikiAnalytics.pdf
Size

5KB
MD5

b7bd1fcb0615c5b7f066f13131402cd0
SHA1

047c21f4ee1de3f96d103bd5b725e82a01f7f631
SHA256

9e410231d0fbfb9afb1fef1f411588a9f07307ef0114457f53112aa729dc4f6a
SHA512

2d03b1ef68d68e21111570fe92f7fcff7e3bc92aff80af60a0cfb7e09204a8abbba4677db139c921ec84da3902223427f6093abb1cde75d8b543ef871c17c1f4
SSDEEP

96:em6x4YkE56koyA4HXaRznUM2KssY9mXt+3e56TSHtbR2rB7HX503CkhwZUzNAwUH:ebx49tgXXaRrte98t+ER1kB7HX6e3w1a

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3984	AcroRd32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3984	AcroRd32.exe
3984	AcroRd32.exe
3984	AcroRd32.exe
3984	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 3476	3984	AcroRd32.exe	82
PID 3984 wrote to memory of 3476	3984	AcroRd32.exe	82
PID 3984 wrote to memory of 3476	3984	AcroRd32.exe	82
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 3948	3476	RdrCEF.exe	85
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86
PID 3476 wrote to memory of 2188	3476	RdrCEF.exe	86

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\9e410231d0fbfb9afb1fef1f411588a9f07307ef0114457f53112aa729dc4f6a_NeikiAnalytics.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=76CC1D81A24F1FDF9C5DE8EE19DB83BD --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B17668F9330BDC79B70D4F3FD62F1081 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B17668F9330BDC79B70D4F3FD62F1081 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD05066CD12ADEBB2763A64CBFA631A1 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A0CB9DB91954FC79D2CF1336E5C2EA95 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1984
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=812135B24BEDF8801DF834564A1CE43A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=812135B24BEDF8801DF834564A1CE43A --renderer-client-id=6 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4468
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C6AC0FE5BE584F52771A414AA7B1169C --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b957029625a556618df78d9889fe4695

SHA1
3df9f00c8d55bc29979ee22213c2dc8e7d64b529

SHA256
f84fff48bec980353d71a5b87f2e7c461978698754c2e482d161e81c4074d384

SHA512
179a1a37d6d743d7b62d77ad518816fd080c776998801f8a6f54a25940f81a66d51f5fb6b588339fbcedbdb3ccddfc1810b5273b67cf777c785350693eaa3847

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
39639610e82448a3075a0421aafed13c

SHA1
4b27d93722382ae6f9b5baf3a7a84e03813de71f

SHA256
498c99222a529b215ba6955f0670e84a27f895194df4ccabd69ff20ca34eccb0

SHA512
e0a073b73acbd6126528f8786801445a46f9cea10d28ede28e16f7189555e31ca6462c190711cdad169601ccbe3911385a04f80ce9eca66bb88342e49f99dc9b

Download Submit