Analysis
- max time kernel: 136s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 19-02-2022 22:15
Behavioral task behavioral1
- Sample: 78a5d2678edba94c2d9e05cc4385087ef5e0027ce1f03ec215d9f80c82a5cead.pdf
- Resource: win7-en-20211208
Behavioral task behavioral2
- Sample: 78a5d2678edba94c2d9e05cc4385087ef5e0027ce1f03ec215d9f80c82a5cead.pdf
- Resource: win10v2004-en-20220113
General
- Target: 78a5d2678edba94c2d9e05cc4385087ef5e0027ce1f03ec215d9f80c82a5cead.pdf
- Size: 765KB
- MD5: 7a016c37fa50989e082b7f1ca2826f04
- SHA1: 5899a60848e73f616b777e93b42e8f6925c3a3fc
- SHA256: 78a5d2678edba94c2d9e05cc4385087ef5e0027ce1f03ec215d9f80c82a5cead
- SHA512: bcd458a0ee35f47febadca84ddf2040fde76a9ac5cc5ce03872f6541fcb1ffe04afaf940f6d0cf34c3129d3c339e9b749489f05097aae857ec39a5e217fe460d
Malware Config
Signatures
- Drops file in Windows directory (6 IoCs)
  Process: svchost.exe
  - File opened for modification C:\Windows\WindowsUpdate.log
  - File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk
  - File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log
  - File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
  - File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm
  - File opened for modification C:\Windows\SoftwareDistribution\ReportingEvents.log
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Process: AcroRd32.exe
  - Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  - Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- Modifies Internet Explorer settings (1 IoCs)
  Process: AcroRd32.exe
  - Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  Process: AcroRd32.exe (PID 3636), 20 identical entries
- Suspicious use of AdjustPrivilegeToken (6 IoCs)
  Process: svchost.exe (PID 2196)
  - Token: SeShutdownPrivilege (3 entries)
  - Token: SeCreatePagefilePrivilege (3 entries)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Process: AcroRd32.exe (PID 3636)
- Suspicious use of SetWindowsHookEx (9 IoCs)
  - AcroRd32.exe (PID 3636): 8 entries
  - AdobeARM.exe (PID 5084): 1 entry
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 3636 (AcroRd32.exe) wrote to memory of PID 3924 (RdrCEF.exe): 3 entries
  - PID 3924 (RdrCEF.exe) wrote to memory of PID 2176 (RdrCEF.exe): repeated entries
  - PID 3924 (RdrCEF.exe) wrote to memory of PID 3544 (RdrCEF.exe): repeated entries
  (64 entries in total; every write is from a Reader process into one of its own child processes)
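The WriteProcessMemory list above is long only because the sandbox records every write separately; all 64 entries are AcroRd32.exe writing into the RdrCEF.exe browser process it spawned, and that process writing into its own two worker processes, which is how the embedded CEF component normally starts its children. Nothing else in this report (no network section, no extracted malware configuration, no dropped executable) points beyond Acrobat Reader DC and the Windows services that happened to run during the task. The script below is an added example, not tria.ge's own code: it collapses a flattened IoC list of this shape into per-edge counts and flags any write whose target image is outside an assumed allow-list of Reader helper processes (EXPECTED_CHILDREN is an illustrative assumption, and the explorer.exe record in the sample input is constructed to exercise the flag).

```python
"""Collapse a sandbox report's flattened WriteProcessMemory IoC list into
per-edge counts and flag writes whose target is not an expected helper.

Added example for this report; not tria.ge's own code. The record layout is
the one seen in the report text above; EXPECTED_CHILDREN is an assumed
allow-list for illustration.
"""
import re
from collections import Counter

# One flattened record reads:
#   PID <src> wrote to memory of <dst> <src> <src_image> <dst_image>
# The backreference \1 pins the repeated source PID so a run of records can
# be split without any separator.
RECORD = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")

# Assumed allow-list: images a given source image is expected to write into
# (Acrobat Reader DC's CEF worker processes and its updater).
EXPECTED_CHILDREN = {
    "AcroRd32.exe": {"RdrCEF.exe", "AdobeARM.exe"},
    "RdrCEF.exe": {"RdrCEF.exe"},
}


def parse_edges(text):
    """Return a Counter keyed by (src_pid, src_image, dst_pid, dst_image)."""
    edges = Counter()
    for src, dst, src_img, dst_img in RECORD.findall(text):
        edges[(int(src), src_img, int(dst), dst_img)] += 1
    return edges


def unexpected_edges(edges):
    """Edges whose target image is outside the source image's allow-list."""
    return [
        edge
        for edge in edges
        if edge[3] not in EXPECTED_CHILDREN.get(edge[1], set())
    ]


def summarise(text):
    """Human-readable lines, one per distinct edge, flagged ones marked."""
    edges = parse_edges(text)
    flagged = set(unexpected_edges(edges))
    lines = []
    for (src, src_img, dst, dst_img), n in sorted(edges.items()):
        mark = ""
        if (src, src_img, dst, dst_img) in flagged:
            mark = "  <-- not an expected helper"
        lines.append(f"{src_img} ({src}) -> {dst_img} ({dst}): {n} write(s){mark}")
    return lines


# Constructed input: the first six records are copied from the report's
# signature list; the explorer.exe record is invented to exercise the flag.
SAMPLE = (
    "PID 3636 wrote to memory of 3924 3636 AcroRd32.exe RdrCEF.exe "
    "PID 3636 wrote to memory of 3924 3636 AcroRd32.exe RdrCEF.exe "
    "PID 3636 wrote to memory of 3924 3636 AcroRd32.exe RdrCEF.exe "
    "PID 3924 wrote to memory of 2176 3924 RdrCEF.exe RdrCEF.exe "
    "PID 3924 wrote to memory of 3544 3924 RdrCEF.exe RdrCEF.exe "
    "PID 3924 wrote to memory of 3544 3924 RdrCEF.exe RdrCEF.exe "
    "PID 4444 wrote to memory of 1234 4444 RdrCEF.exe explorer.exe"
)

if __name__ == "__main__":
    print("\n".join(summarise(SAMPLE)))
```

Run it on the full signature text of a report to get one line per parent/child pair instead of 64 repeats; only lines carrying the marker need a closer look, since a parent writing into a child it has just created is how Chromium-based components pass startup data.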
Processes
- [1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 3636 per the signature entries)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\78a5d2678edba94c2d9e05cc4385087ef5e0027ce1f03ec215d9f80c82a5cead.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious behavior: EnumeratesProcesses; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3924 per the WriteProcessMemory entries)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FBF958ED2758121ECFF64E2E1352439C --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer, client id 2)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7B64DD72F03249FC4AE24C98DB9E0090 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7B64DD72F03249FC4AE24C98DB9E0090 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer, client id 4)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=53C9845BFD3792339B1FD69694BCF57B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=53C9845BFD3792339B1FD69694BCF57B --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F187CC387E1732EAB24BB2EBBB49F7D --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=385044B8C381D8A501C5DFC2FD88F5B1 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (gpu-process)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61C5344AFF4899C60506694BA0F698A8 --mojo-platform-channel-handle=2760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (renderer, client id 10)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=29C8F2A143B3CC2C2AB38472A2D5F8E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=29C8F2A143B3CC2C2AB38472A2D5F8E7 --renderer-client-id=10 --mojo-platform-channel-handle=2776 --allow-no-sandbox-job /prefetch:1
  - [2] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (PID 5084 per the signature entries)
    Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
    Signatures: Suspicious use of SetWindowsHookEx
    - [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
- [1] C:\Windows\system32\svchost.exe (PID 2196 per the signature entries)
  Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
  Signatures: Drops file in Windows directory; Suspicious use of AdjustPrivilegeToken
- [1] C:\Windows\system32\rundll32.exe
  Command line: C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  MD5: e99469397627c41aef00f99f82cf1a7b
  SHA1: 06a3117b721df53ccd80f9857a2378efd7bef92c
  SHA256: ad985aba0f0ef656cde462832d0ae8205c43e39b5ecaa7908589d91411f66ca0
  SHA512: e70501169037f1a3ada990a18551d4153b9e3e34b0171a0367bfec25920a38e89d7352ca2eb2dc4832bf2308b69fd939aef13425c65afddf9d476885a6ecb9bd
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  MD5: a506b66b42e60b9bb8e59cd211fcb64b
  SHA1: 73a298f529c41d143a662f5389d222dea8d78cab
  SHA256: 29f61c2983ceaab5a44a7b9ad822ff5e3b233727bc1fb4a437a0120a0af06655
  SHA512: 38a29c883de7188ba4bedf4a59a85652e3a2f8809aee92640f36eb54a1221d6477ec55c42ea3bf73b1309397034cda05645bad267ae72d45f45d8e7f15e14669
The two CryptnetUrlCache entries are the content and metadata halves of Windows CryptoAPI's on-disk cache for one object retrieved over the network, typically a certificate, CRL or CTL fetched during chain building; CryptoAPI writes them on the calling process's behalf, so they are not files written by the sample itself.
Memory dumps taken from PID 2196 (svchost.exe, wuauserv, per the signature entries):
- memory/2196-134-0x00000223FF5E0000-0x00000223FF5F0000-memory.dmp (Filesize: 64KB)
- memory/2196-133-0x00000223FED50000-0x00000223FED60000-memory.dmp (Filesize: 64KB)
- memory/2196-135-0x00000223FFAD0000-0x00000223FFAD4000-memory.dmp (Filesize: 16KB)