c5fb355fcc6113e7bf6d914627f29e57abc5f2796fbdd30f32cbf2251a4edc5b

General

Target

fffb0695218b67f473557a3d1c300e56_JaffaCakes118.pdf
Size

82KB
MD5

fffb0695218b67f473557a3d1c300e56
SHA1

6d8d7dfd44f3fab9b7285a433e35dee98e9aeceb
SHA256

c5fb355fcc6113e7bf6d914627f29e57abc5f2796fbdd30f32cbf2251a4edc5b
SHA512

ad004bde17b9ecf3e625492d7ab9e2417d0d9788724b795f3f166bd9e5c940f2e57a04be4bc716aeba30a0b8800b11ebb7d7a3856c0387f1aa831ca87109076a
SSDEEP

1536:TJH1s2hYTu5vkAKQS4D474yppMQNZW4qQ65mW5vgt8tyHQblS4DxGcW8pO+q3f11:NnhYTu5vkAKNrppMQNZV7egtHQblLdG/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

1228 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

1228 AcroRd32.exe
1228 AcroRd32.exe
1228 AcroRd32.exe
1228 AcroRd32.exe
1228 AcroRd32.exe
1228 AcroRd32.exe

pid	process
1228	AcroRd32.exe

pid	process
1228	AcroRd32.exe
1228	AcroRd32.exe
1228	AcroRd32.exe
1228	AcroRd32.exe
1228	AcroRd32.exe
1228	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1228 wrote to memory of 2136	1228	AcroRd32.exe	RdrCEF.exe
PID 1228 wrote to memory of 2136	1228	AcroRd32.exe	RdrCEF.exe
PID 1228 wrote to memory of 2136	1228	AcroRd32.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 3464	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe
PID 2136 wrote to memory of 2968	2136	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fffb0695218b67f473557a3d1c300e56_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1228

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2136

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46907B94B75FD14AEC43B323296251FE --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3464

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F70068A6C1FC5B29E6D3AFCEB28159B2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F70068A6C1FC5B29E6D3AFCEB28159B2 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2968

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=84C652C2E6098362C4A38F2E03D35BB0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=84C652C2E6098362C4A38F2E03D35BB0 --renderer-client-id=4 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3728

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=217B89DA89EE924CEB627880E739E312 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5656

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3275A1ED88AC0AD774605008C3724D68 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2208

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3BE92AF5CE1C66029815DF122291E111 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3BE92AF5CE1C66029815DF122291E111 --renderer-client-id=7 --mojo-platform-channel-handle=1996 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1556

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F0CDBF98B68CF49CDA7A4C0421AC8BBD --mojo-platform-channel-handle=2984 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
268c53abde0423fab4f19aad81123643

SHA1
74bc651e066ad5b9bcf71c6f31cc18f7fdecbccf

SHA256
3c5bd7bff7e53f0746fd91673f10e8ac54c2a426b77d638443edce061ad696c9

SHA512
b7add7b5adfc1e0e9f8084c779aeb415aa243b72f7f4d9279108b0584de60b610f1edb60fde106494274ebfde4d69cde0c3998017215031e553e58f39ccec7af

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
ab2f221f35be3ebe1d0e616aa623f1d8

SHA1
e352db191ad60ebefd6c2435bb34bac288c20cb5

SHA256
463da4b940fd5717b1540e1dd4b8a40b6d2d7ab047e7f255dc0c5f0d08b70c98

SHA512
6880fc0b4ec58982a1c0c802cecd9335d0df5549188355646ef29c71570900f194fb543dbe23cba8233af601d5c32e62a23164acf969e840833663453afb99b0

Download Submit
memory/1228-34-0x000000000ADE0000-0x000000000AE01000-memory.dmp

Filesize
132KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads