4800bfc3e588e8dbcd36ad4b3f3a9a489ed825989cd5cd55bb7eb3b76dff39cb

General

Target

O26_Faktura_indywidualna_000-0.pdf
Size

250KB
MD5

04fb30b950646cf7169264492985aa22
SHA1

c358702458877e0902b169b49d10600aa30aa155
SHA256

d148dbc1b9346b504bbe83773b9da25804a02ce7ad4d05637fb3d5beb7663273
SHA512

065b6754d125027ec68d8e9a69ab5d883d2d62d5af9ef62a39e5d5ac6b927f58b811ecfedc4116526d9b5d2a0f3916c9985a6ca4d714f5d51e161d00d1851baf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-157025953-3125636059-437143553-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-157025953-3125636059-437143553-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-157025953-3125636059-437143553-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3848	AdobeARM.exe
3848	AdobeARM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3316 AcroRd32.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3316	AcroRd32.exe
3848	AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3316 wrote to memory of 3916	3316	AcroRd32.exe	AdobeCollabSync.exe
PID 3316 wrote to memory of 3916	3316	AcroRd32.exe	AdobeCollabSync.exe
PID 3316 wrote to memory of 3916	3316	AcroRd32.exe	AdobeCollabSync.exe
PID 3916 wrote to memory of 4768	3916	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3916 wrote to memory of 4768	3916	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3916 wrote to memory of 4768	3916	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4768 wrote to memory of 3700	4768	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4768 wrote to memory of 3700	4768	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4768 wrote to memory of 3700	4768	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3316 wrote to memory of 4584	3316	AcroRd32.exe	RdrCEF.exe
PID 3316 wrote to memory of 4584	3316	AcroRd32.exe	RdrCEF.exe
PID 3316 wrote to memory of 4584	3316	AcroRd32.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 2640	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe
PID 4584 wrote to memory of 5072	4584	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\O26_Faktura_indywidualna_000-0.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3316

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3916

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3916
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4768

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:3700

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4584

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=390260312FEF6D101870A0D65FA5ED17 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2640

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=16A143CCA5FE5279A5B5E7C9AEF4872B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=16A143CCA5FE5279A5B5E7C9AEF4872B --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5072

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A778E93CAE84D26138B5BF6FC2CE3CC3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A778E93CAE84D26138B5BF6FC2CE3CC3 --renderer-client-id=4 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=03FB75D6FE57CBF18ECF038C6713EA54 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:224

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46E5023D0C4B6E6847FF3ED04B23C645 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4044

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BA343841C9B5406D309842E2318C5022 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4520

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
e0450b9fe221b874ac745f8d764a120f

SHA1
72073a560331b043eca7e0e7946d87bc66342548

SHA256
bf10ad8d3a4a329a3d3e3151791d31afb355a43e4d614b4f6ef04a6761ef69af

SHA512
2d50cf1f38308fc4d893a323426dfbca9a9fb2f0cda6109bde8f4c6e77edcb7be2943f994cd3daecb48b1486c2e274e0cd433ff335f97fa885c60e7e89b1fcc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
8ea2d251ea8709e0609e551b2197a051

SHA1
3c90b4fd3ef65e3564ce254261540f56ac7be16f

SHA256
d5a036f6075d7148b23fed4c2407bc9bb6ec7e45a2d9abcfe422990c453ca7bb

SHA512
312a8f93eef3bbdadb12f9b547954f2fad8b143724c186aa6657c0c83c85f8b473b551ded2415f45b6c8caea7eb563e6e4215eb7f4ff66ab55c7ba7177b88099

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.0MB

MD5
9cec97c16e3a5dbe230626186c3d1be2

SHA1
c73e12e7cbec07090f9e7a81dbf4f64fedb095c4

SHA256
a41aa6977dfa88c854196d12262d7685044c7634b58ca690c91a094e41554bff

SHA512
d53b2dde46495ad6698c3094ca72f7106cdeb97f298caec492992b35c0c76094603744d66469080069d3d192c27256e687faea146c7f63bb215f92d3f034c860

Download Submit
memory/224-147-0x0000000000000000-mapping.dmp

Download
memory/2640-134-0x0000000000000000-mapping.dmp

Download
memory/3564-156-0x0000000000000000-mapping.dmp

Download
memory/3700-131-0x0000000000000000-mapping.dmp

Download
memory/3848-155-0x0000000000000000-mapping.dmp

Download
memory/3916-124-0x0000000000000000-mapping.dmp

Download
memory/4044-150-0x0000000000000000-mapping.dmp

Download
memory/4520-153-0x0000000000000000-mapping.dmp

Download
memory/4584-132-0x0000000000000000-mapping.dmp

Download
memory/4768-125-0x0000000000000000-mapping.dmp

Download
memory/5016-142-0x0000000000000000-mapping.dmp

Download
memory/5072-137-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads