9d80b3bc649e2d49de1a6ebe29c69ef66ecaae39307d1713a900720bc204120b

General

Target

Comprobante_Fiscal_Digital.pdf
Size

23KB
MD5

bc23de1e7d7774f4714394419b7f56ed
SHA1

fbeb9f7a7a058f49ee9cc13bd6430d07b1843ff3
SHA256

f230c757f010bea596a13a00699349a05426d7c9767276a425014226a0b1c9f4
SHA512

0626fb48dacb5d601ab8e623c5b50959d471b9f266a247768bd5dd4094f04c19b9ca52cfcb604adc7cbad7ddc3f40a0b87ce3ed89fe4aff35ab8c67e72d4a2d5
SSDEEP

384:R5rSUO8UG69QAs74cBG+n8TiJCw3XgsQeSNke5bkzq9FtcNLScjuCkwJXb0XbA/T:R52l8L6GrG+xJzQsbSCM9XkLHCibMbAb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

AcroRd32.exe

pid	process
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe
4500	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4500 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4500 AcroRd32.exe
4500 AcroRd32.exe
4500 AcroRd32.exe
4500 AcroRd32.exe
4500 AcroRd32.exe
4500 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4500 wrote to memory of 4356	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4356	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4356	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 2276	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 2276	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 2276	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4328	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4328	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4328	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4992	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4992	4500	AcroRd32.exe	RdrCEF.exe
PID 4500 wrote to memory of 4992	4500	AcroRd32.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 4232	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe
PID 4992 wrote to memory of 1100	4992	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Comprobante_Fiscal_Digital.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4356

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2276

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4328

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4992

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=81977FAC3E80C8493B51C7022C875846 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4232

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B3510A129C2ACEA452B3056A9E791C88 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B3510A129C2ACEA452B3056A9E791C88 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=10619298B4D4A2544792C03D999CEC8C --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4552

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11537C44FDA0CE1493B5E64B5F93322B --mojo-platform-channel-handle=1812 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6020DB3E7B05A385796AE75EACC8EA8 --mojo-platform-channel-handle=2120 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3608

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3596

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DDFAC9C1545C2BD59EFC2195E6E244C7 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4980

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=33C070CCD1742A179C29AD02E7E25937 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=33C070CCD1742A179C29AD02E7E25937 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B15F7C4C80702E22714048A6942EBFE --mojo-platform-channel-handle=2164 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5064

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B29E5239C853C4585759111ACFA50CD --mojo-platform-channel-handle=1980 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6F4226B89D455CB4C210DFFDE5630E7A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6F4226B89D455CB4C210DFFDE5630E7A --renderer-client-id=6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8799782E462ABA1F51A589166F09437 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
Filesize
128KB

MD5
6b3e40fc8616da38815ea2c28fbabd01

SHA1
6b72ca9994c97277f6afc401d34355a2ba0c9aad

SHA256
016aa1bde1a3263bfd21a00d76e5e46cfa2c77ef82524a444712cb83b9f92a8b

SHA512
70c4ea4863b7ecdfd68db0147a63f2797948bb4a3ef458e045402c71a966e4eefb9e0917148882761a45c5ef3986e12a8348d80f002e6b46230948e4bf1d05ca

Download Submit
memory/1100-140-0x0000000000000000-mapping.dmp

Download
memory/1180-170-0x0000000000000000-mapping.dmp

Download
memory/1664-175-0x0000000000000000-mapping.dmp

Download
memory/1764-167-0x0000000000000000-mapping.dmp

Download
memory/2212-159-0x0000000000000000-mapping.dmp

Download
memory/2276-133-0x0000000000000000-mapping.dmp

Download
memory/3220-148-0x0000000000000000-mapping.dmp

Download
memory/3596-153-0x0000000000000000-mapping.dmp

Download
memory/3608-151-0x0000000000000000-mapping.dmp

Download
memory/4232-137-0x0000000000000000-mapping.dmp

Download
memory/4328-134-0x0000000000000000-mapping.dmp

Download
memory/4356-132-0x0000000000000000-mapping.dmp

Download
memory/4552-145-0x0000000000000000-mapping.dmp

Download
memory/4980-156-0x0000000000000000-mapping.dmp

Download
memory/4992-135-0x0000000000000000-mapping.dmp

Download
memory/5064-164-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads