936f67131ef72d448d6e3f2797b2682e7f0c10db801ba318f5f6610be7d7af23

General

Target

1d28ef8c22dddec0bdecd8a36f4d785139d8f939.pdf
Size

66KB
MD5

41cd59f0aac42b84a8b57a1bbeb8a195
SHA1

1d28ef8c22dddec0bdecd8a36f4d785139d8f939
SHA256

936f67131ef72d448d6e3f2797b2682e7f0c10db801ba318f5f6610be7d7af23
SHA512

6553fb30e75d779d66329681bd532c3a69fe671d2a6ac655aaa47debaff395229e9e0fd3a5f7c0b2b6eb49784438875fada58b0c0088b66942e6e4adc6e76d2f

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

AcroRd32.exe

pid	process
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe
2128	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

2128 AcroRd32.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

2128 AcroRd32.exe
2128 AcroRd32.exe
2128 AcroRd32.exe
2128 AcroRd32.exe
2128 AcroRd32.exe
2128 AcroRd32.exe
2128 AcroRd32.exe
924 AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 2128 wrote to memory of 3548	2128	AcroRd32.exe	RdrCEF.exe
PID 2128 wrote to memory of 3548	2128	AcroRd32.exe	RdrCEF.exe
PID 2128 wrote to memory of 3548	2128	AcroRd32.exe	RdrCEF.exe
PID 2128 wrote to memory of 4256	2128	AcroRd32.exe	RdrCEF.exe
PID 2128 wrote to memory of 4256	2128	AcroRd32.exe	RdrCEF.exe
PID 2128 wrote to memory of 4256	2128	AcroRd32.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1728	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe
PID 3548 wrote to memory of 1992	3548	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\1d28ef8c22dddec0bdecd8a36f4d785139d8f939.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3548

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F81AE75CB1AD80C054E426F885096B31 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1728

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DF9796A68DB6D72447A98377E03EA14B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DF9796A68DB6D72447A98377E03EA14B --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1992

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DB76C74B438A3B1ADAAF940F9A692BB5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DB76C74B438A3B1ADAAF940F9A692BB5 --renderer-client-id=4 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2928

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0C7BB2782C1908CE4F2527D26AC2567B --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4716

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0EF1FEC37FF23B25DB7D4EA87C6C3B80 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1060

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=43286A5009423FD00224CDE277540C07 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2408

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F031E80ADE76DDF56FF1241D8DECEEDB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F031E80ADE76DDF56FF1241D8DECEEDB --renderer-client-id=10 --mojo-platform-channel-handle=2724 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1288

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4256

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious use of SetWindowsHookEx
PID:924

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
PID:2552

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\ARM\Reader_19.010.20069\AcroRdrDCUpd1901020098.msp
MD5
3404522672187ad49ad74aec689075c0

SHA1
af6b91326f443b04088cd3718b93334a7247ce1a

SHA256
0ef813051b890501283103fb2999aaa01438227b681dcf711d09c10c5846d72d

SHA512
35d47d228977ae3e77b1510e67fc082da37a39f346a23d4d5f65d91ac46ae51581ccb3c507efe6b33a8ac26af11e58ee2128f98a16ba4b1f2bf9b14e70389f18

Download Submit
C:\ProgramData\Adobe\ARM\Reader_19.010.20069\ReaderDCManifest2.msi
MD5
6f014505b038aa70695dc6557662df8b

SHA1
25607777270af2b0a38da97d8d98ab9bc7926980

SHA256
52040d7492e91856c658e4779bdc2de38a81f47e5136d9a772f4559178fbe7fc

SHA512
25c53e4b7c273b3699be727e5a6688dbfad7b6633d78d29e753bc3446b8e2b5e8c752a8842870264fe10a2b3a0246c335bea7457daa289faec67f7ca7c2aaac0

Download Submit
memory/2552-154-0x00000151477A0000-0x00000151477B0000-memory.dmp

Filesize
64KB

Download
memory/2552-155-0x0000015148170000-0x0000015148180000-memory.dmp

Filesize
64KB

Download
memory/2552-156-0x000001514A720000-0x000001514A724000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads