ecfa58d5e634b455e20893c02d2341413debf4fd489a6c7272018a54dea6395c

General

Target

882bc06802418236e688fd0757c1f2920ac63cb46ef81fc93c11f8515e7f88c7.pdf
Size

186KB
MD5

48efefe47670992171be1b231c86b98a
SHA1

98b22f7e804775f20a6a9fb580207086985dc891
SHA256

882bc06802418236e688fd0757c1f2920ac63cb46ef81fc93c11f8515e7f88c7
SHA512

382da79944a787fb1f83874c75e6216d62d79bbac716dcd86161e9c986ca504cb06cf3160613c4f9ad1442a72276b5db20231ccc7a734d62e6e7bb2c370dcfac

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
4988	AdobeARM.exe
4988	AdobeARM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3592 AcroRd32.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
4988	AdobeARM.exe
3592	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3592 wrote to memory of 4028	3592	AcroRd32.exe	AdobeCollabSync.exe
PID 3592 wrote to memory of 4028	3592	AcroRd32.exe	AdobeCollabSync.exe
PID 3592 wrote to memory of 4028	3592	AcroRd32.exe	AdobeCollabSync.exe
PID 4028 wrote to memory of 3212	4028	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4028 wrote to memory of 3212	4028	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4028 wrote to memory of 3212	4028	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3212 wrote to memory of 2428	3212	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3212 wrote to memory of 2428	3212	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3212 wrote to memory of 2428	3212	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3592 wrote to memory of 2288	3592	AcroRd32.exe	RdrCEF.exe
PID 3592 wrote to memory of 2288	3592	AcroRd32.exe	RdrCEF.exe
PID 3592 wrote to memory of 2288	3592	AcroRd32.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4144	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe
PID 2288 wrote to memory of 4400	2288	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\882bc06802418236e688fd0757c1f2920ac63cb46ef81fc93c11f8515e7f88c7.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:4028

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4028
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:2428

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2288

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=228CB6E51AB9194195B6069F92550CAE --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4144

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7CA30154D4521472F17AA5466FE12A6E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7CA30154D4521472F17AA5466FE12A6E --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4400

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B06B879271043A774CAD4D0DFBC9CFBC --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4356

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F3691BB9BB3DA042FFC3F0ECDC7784F8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F3691BB9BB3DA042FFC3F0ECDC7784F8 --renderer-client-id=5 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4600

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E4EE8A170803739AA51E415586F5C1C --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2700

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8C456A50B3D5F4E5E9F7E24463E6E8D0 --mojo-platform-channel-handle=2684 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2852

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4988

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
b897393dc536db8c03ee76c23b9417a7

SHA1
64a176218567c46f903209e6438e6e23592111fe

SHA256
cbfbc596e54a79c86f123ecb626a00221b54aad76fe6e2a43ce459275fcb8abc

SHA512
9baed1b114b32e04049fc9872638ed6b37a986e94f8b1696e5c71c35e0ac5a8da4b0a61373d493c5d0d954eb2e656ce32f5451fae6aba6420107504189a83aeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
d713cc3331adbbfeb4a1476c495d0d55

SHA1
ba1904c4580f9b6bc461b7d0209a9f2ae10a5cfd

SHA256
e0da89dc6a2cbaef01f545eeec4e36a24df3a140fa9239f76f449213eec8486e

SHA512
ce4a5f81c632a79bf132e3244796e131faf2c94e5ea5dd328056bdf1220e4a605dfd3b8d8b877422979b954cb078b4b5282c6a413cbda0ae581627256453891e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.0MB

MD5
b983ed67c040146ab7210bcfaac312a0

SHA1
3b7842b1511a5a1e05662eaab98151728bb7b74b

SHA256
720573152843a6709627f34cb73a1380f69699e6a60e5211bd352b3d35371f26

SHA512
d41488b488e41088605a3efb8c45664a8e0568534895ba8293ecf90c2b5deb60c803bcb71cecea8d5361ea173c7d0dbcaed6ad000e51bc4285d9ba7d2204b19a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
471B

MD5
b72075111c14dec16226a11da2a368ad

SHA1
cd89a371e39fdd19a41688e37763e462a03abda8

SHA256
a17b465e1b2fff49ec854d6df0cd634ec43ee2b3f649b6228a61a90c89cfbe2a

SHA512
adb12be91ec74dcced9f502c183f407aea82be7c1884c0d621c753f660648469fba2f30113b2816df9c3e10e58e4905479cad115801cfc3ac0befcc4f08a75fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
434B

MD5
c8598500194f7de09a5700d94649c1df

SHA1
5bcfdd69b5459cb40ba3a170cfb532960454163c

SHA256
8af1d6f430c0996da4651462997c0f997d8aa7245ed08c639001becf2778c9c4

SHA512
3dec557d4ce5a8d89866e0c4eddee8d7418075484703de8176029d07cbeeb5216f8a131604a71d722b850ef478c3a58d5df708ebade34a49c0ca6efcc9bb2f6c

Download Submit
memory/2288-138-0x0000000000000000-mapping.dmp

Download
memory/2416-164-0x0000000000000000-mapping.dmp

Download
memory/2428-137-0x0000000000000000-mapping.dmp

Download
memory/2700-156-0x0000000000000000-mapping.dmp

Download
memory/2852-159-0x0000000000000000-mapping.dmp

Download
memory/3212-131-0x0000000000000000-mapping.dmp

Download
memory/4028-130-0x0000000000000000-mapping.dmp

Download
memory/4144-140-0x0000000000000000-mapping.dmp

Download
memory/4356-148-0x0000000000000000-mapping.dmp

Download
memory/4400-143-0x0000000000000000-mapping.dmp

Download
memory/4600-151-0x0000000000000000-mapping.dmp

Download
memory/4988-163-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads