ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f

General

Target

ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe
Size

2.6MB
MD5

51ea28f4f3fa794d5b207475897b1eef
SHA1

9eef49fc724b9f40be795a80bc6363eb0c6b6dd6
SHA256

ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f
SHA512

72678ef9d7ac623a85b23bd20f28499b851ef72c18c652ed200ad58562dd23796f8e7388b039fbc872e4e616b67900dd832172b5838b444405a28cae703dacdf

Score

8^/10

link pdf

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

oracle.exeoracle.exe

pid process

2804 oracle.exe
392 oracle.exe

pid	process
2804	oracle.exe
392	oracle.exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\382142.pdf	pdf_with_link_action

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000_Classes\Local Settings	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

AcroRd32.exe

pid	process
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe
664	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

664 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

664 AcroRd32.exe
664 AcroRd32.exe
664 AcroRd32.exe
664 AcroRd32.exe
664 AcroRd32.exe
664 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exeoracle.exeoracle.exeAcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 2664 wrote to memory of 2804	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	oracle.exe
PID 2664 wrote to memory of 2804	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	oracle.exe
PID 2664 wrote to memory of 2804	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	oracle.exe
PID 2804 wrote to memory of 392	2804	oracle.exe	oracle.exe
PID 2804 wrote to memory of 392	2804	oracle.exe	oracle.exe
PID 2804 wrote to memory of 392	2804	oracle.exe	oracle.exe
PID 2664 wrote to memory of 664	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	AcroRd32.exe
PID 2664 wrote to memory of 664	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	AcroRd32.exe
PID 2664 wrote to memory of 664	2664	ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe	AcroRd32.exe
PID 392 wrote to memory of 1944	392	oracle.exe	cscript.exe
PID 392 wrote to memory of 1944	392	oracle.exe	cscript.exe
PID 392 wrote to memory of 1944	392	oracle.exe	cscript.exe
PID 664 wrote to memory of 2204	664	AcroRd32.exe	RdrCEF.exe
PID 664 wrote to memory of 2204	664	AcroRd32.exe	RdrCEF.exe
PID 664 wrote to memory of 2204	664	AcroRd32.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2124	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe
PID 2204 wrote to memory of 2444	2204	RdrCEF.exe	RdrCEF.exe

C:\Users\Admin\AppData\Local\Temp\ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe
"C:\Users\Admin\AppData\Local\Temp\ca0b804c30052456362fe22ae6fa8482f91651c2c18dc41cda4c6e282fdede6f.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\oracle.exe
"C:\Users\Admin\AppData\Local\Temp\oracle.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804

C:\Users\Admin\AppData\Local\Temp\oracle.exe
"C:\Users\Admin\AppData\Local\Temp\oracle.exe" -m 1
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:392

C:\Windows\SysWOW64\cscript.exe
cscript.exe /B /NOLOGO .\1.vbs
4⤵
PID:1944

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\382142.pdf"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:664

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
- Suspicious use of WriteProcessMemory
PID:2204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DE033BDDCB202CEDFE67EC97981DD96 --mojo-platform-channel-handle=1672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2124

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D7B8DD5A4B0A4DA750515DDFDCA23401 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D7B8DD5A4B0A4DA750515DDFDCA23401 --renderer-client-id=2 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job /prefetch:1
4⤵
PID:2444

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=802C2E2E515369045FE7891746C6990A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=802C2E2E515369045FE7891746C6990A --renderer-client-id=4 --mojo-platform-channel-handle=2112 --allow-no-sandbox-job /prefetch:1
4⤵
PID:2992

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4E571EF748ED155FA6329F583BC1DB58 --mojo-platform-channel-handle=2500 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:3232

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD1F1302318A5E82A49871C0C072E347 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:3568

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=92E4363E6815066389CC1C08AB86FCDF --mojo-platform-channel-handle=1676 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:3256

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.vbs
MD5
38c084f65cd7bcd0fe8c937e6280fe1d

SHA1
9fcb1cfe8c3f1b5015fd6d157191b223392fb339

SHA256
202c88eda9dfdc48e94e08d5fce93590d0621c9c303b4d5b77dcb16018e0429b

SHA512
c402028a60dba2381a3bc6af021154b016067ee9198b05beadc9d2db016b9bbdd5de2dbf47cac34ae9cb3be5c5905de807111f28b63db69191be9f3e7e71e5f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\382142.pdf
MD5
0b246279b248dd1960e923a35663b8db

SHA1
c926ed463c8d41ac73f8c32a87164e22971c4865

SHA256
847710262dd6ce7a85d1b33aad47381a623138cc598d6a1d68da88b3afa816c0

SHA512
67b70a015ed3eb8dc04c78354309d6a71c2a2ea121e4740fa6219522a151e345b43ce2f7b0975f454979ec4408ae0d9d777f846a2a09b8f92b8763912cdbce5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\oracle.exe
MD5
964e4b516d72b7717aabb71ad7cc7bf6

SHA1
2e27c59f0cf0dbf81466cc63d87d421b33843e87

SHA256
1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7

SHA512
1ff1cc2586755ed89902a7450856b3b082783ab060a0799503c5dbe0981ff9e640c6a404e09e4d7a2d79dc719449082b4d29891d620ed35767dfd967fcf16563

Download Submit
C:\Users\Admin\AppData\Local\Temp\oracle.exe
MD5
964e4b516d72b7717aabb71ad7cc7bf6

SHA1
2e27c59f0cf0dbf81466cc63d87d421b33843e87

SHA256
1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7

SHA512
1ff1cc2586755ed89902a7450856b3b082783ab060a0799503c5dbe0981ff9e640c6a404e09e4d7a2d79dc719449082b4d29891d620ed35767dfd967fcf16563

Download Submit
C:\Users\Admin\AppData\Local\Temp\oracle.exe
MD5
964e4b516d72b7717aabb71ad7cc7bf6

SHA1
2e27c59f0cf0dbf81466cc63d87d421b33843e87

SHA256
1d4ac97d43fab1d464017abb5d57a6b4601f99eaa93b01443427ef25ae5127f7

SHA512
1ff1cc2586755ed89902a7450856b3b082783ab060a0799503c5dbe0981ff9e640c6a404e09e4d7a2d79dc719449082b4d29891d620ed35767dfd967fcf16563

Download Submit
memory/392-118-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2124-124-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/2444-126-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/2992-132-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/3232-137-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/3256-143-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download
memory/3568-140-0x0000000076FE2000-0x0000000076FE3000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads