d90d1310475a83d9cb391ff4bb064aabad3b17b4ef70cb023bf31343e5390061

General

Target

Agenda of Nonalcoholic Steatohepatitis Conference.pdf
Size

446KB
MD5

535f8e25df31cf947b77c7f368e67945
SHA1

5ad6170ccc7ff198363101eab9fc08665f208344
SHA256

d90d1310475a83d9cb391ff4bb064aabad3b17b4ef70cb023bf31343e5390061
SHA512

5cab2756d7987e13bbe9baa285e94b1e4ea9e3afa3ad72836f337eb68dfbe5e658038fd38b2a6a767e7c0ae4f35b43db810ee63f1ccf507ba9ecf05da6ee6ed5

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
3196	AcroRd32.exe
4376	AdobeARM.exe
4376	AdobeARM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3196 AcroRd32.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

3196 AcroRd32.exe
3196 AcroRd32.exe
3196 AcroRd32.exe
3196 AcroRd32.exe
3196 AcroRd32.exe
4376 AdobeARM.exe
3196 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3196 wrote to memory of 1492	3196	AcroRd32.exe	AdobeCollabSync.exe
PID 3196 wrote to memory of 1492	3196	AcroRd32.exe	AdobeCollabSync.exe
PID 3196 wrote to memory of 1492	3196	AcroRd32.exe	AdobeCollabSync.exe
PID 1492 wrote to memory of 4776	1492	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 1492 wrote to memory of 4776	1492	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 1492 wrote to memory of 4776	1492	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4776 wrote to memory of 4196	4776	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4776 wrote to memory of 4196	4776	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4776 wrote to memory of 4196	4776	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3196 wrote to memory of 4980	3196	AcroRd32.exe	RdrCEF.exe
PID 3196 wrote to memory of 4980	3196	AcroRd32.exe	RdrCEF.exe
PID 3196 wrote to memory of 4980	3196	AcroRd32.exe	RdrCEF.exe
PID 3196 wrote to memory of 1632	3196	AcroRd32.exe	RdrCEF.exe
PID 3196 wrote to memory of 1632	3196	AcroRd32.exe	RdrCEF.exe
PID 3196 wrote to memory of 1632	3196	AcroRd32.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4480	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe
PID 4980 wrote to memory of 4936	4980	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Agenda of Nonalcoholic Steatohepatitis Conference.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3196

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:1492

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1492
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4776

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:4196

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4980

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=118B538743F54A5DBEF6E47789B9D800 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4480

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5DB8D6719B0AD558C55B863ED59EA902 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5DB8D6719B0AD558C55B863ED59EA902 --renderer-client-id=2 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4936

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2ED4E0635D94098ADB7F3F9F37765B4D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2ED4E0635D94098ADB7F3F9F37765B4D --renderer-client-id=4 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3168

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AC40079B43B9DC976EB6C844BC977940 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1888

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=400474F897E7FD1740C957A85E6A0BF8 --mojo-platform-channel-handle=1892 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3116

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6078BA03A2464AE1A39DCE7E9253436 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:1632

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:3760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
0ad3d95e517424c0c23fcc1d3fe08d9c

SHA1
fac510d09dd9df42dc124e2eaacdb8224f1ad827

SHA256
b877fc3cd6924043a2821d3bbbf39f123a5880cff5c7f5fc052b289fe8636450

SHA512
0060ba9883d8b587db8bd4c5cf5f1cbf2077a66925ab91c686384424057a6a9eb8c3a066233696377fbee840882638fcd113d047bfb4087d8615bd4559d25934

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
d1bb5c7e9401f2b342e8390a05bd7b1d

SHA1
c62bc5afb6838dc392d41d3219e4a3152e4efde4

SHA256
d196b70525c3a6454a8f3a763674e4685fe8f69429f8e41d32a1f91b908275d3

SHA512
7056c8df13104e03f54817671b2348f4465b8ca9c882326d27c0c32f38279b7205107950c40cb2a91f2396867babf34e424376d1ad7d4f8d2689262c91401883

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.0MB

MD5
b983ed67c040146ab7210bcfaac312a0

SHA1
3b7842b1511a5a1e05662eaab98151728bb7b74b

SHA256
720573152843a6709627f34cb73a1380f69699e6a60e5211bd352b3d35371f26

SHA512
d41488b488e41088605a3efb8c45664a8e0568534895ba8293ecf90c2b5deb60c803bcb71cecea8d5361ea173c7d0dbcaed6ad000e51bc4285d9ba7d2204b19a

Download Submit
memory/1492-130-0x0000000000000000-mapping.dmp

Download
memory/1632-139-0x0000000000000000-mapping.dmp

Download
memory/1888-154-0x0000000000000000-mapping.dmp

Download
memory/3116-157-0x0000000000000000-mapping.dmp

Download
memory/3168-149-0x0000000000000000-mapping.dmp

Download
memory/3760-163-0x0000000000000000-mapping.dmp

Download
memory/4196-137-0x0000000000000000-mapping.dmp

Download
memory/4204-160-0x0000000000000000-mapping.dmp

Download
memory/4376-162-0x0000000000000000-mapping.dmp

Download
memory/4480-141-0x0000000000000000-mapping.dmp

Download
memory/4776-131-0x0000000000000000-mapping.dmp

Download
memory/4936-144-0x0000000000000000-mapping.dmp

Download
memory/4980-138-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads