800424328f7af3d870f30f538fb8a13ad8d1295b41f913b377bc497d8d04246b

General

Target

612ff8ea6e287d32196af9934f15aee9_JaffaCakes118.pdf
Size

187KB
MD5

612ff8ea6e287d32196af9934f15aee9
SHA1

9faa67d6e205ce7e5dc06148feb74533882ad226
SHA256

800424328f7af3d870f30f538fb8a13ad8d1295b41f913b377bc497d8d04246b
SHA512

7f77c846797eb5af20f102f4b3fccd3062c73d8a2a1de0c89175362a734417c22827ec30bb9e93e92fe41092a01374761f75dc997281f937fa75376a2d20ec0a
SSDEEP

3072:22irbxzGAFYDMxud7fKg3dXVmbOn5uQ6KjnHKnbx6N90mGL/Zpmw5dkTYSC:22MKlWQ7Sg3d4bOFuq2mGIi

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

1916 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe
1916 AcroRd32.exe

pid	process
1916	AcroRd32.exe

pid	process
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe
1916	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1916 wrote to memory of 860	1916	AcroRd32.exe	RdrCEF.exe
PID 1916 wrote to memory of 860	1916	AcroRd32.exe	RdrCEF.exe
PID 1916 wrote to memory of 860	1916	AcroRd32.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 2656	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe
PID 860 wrote to memory of 1204	860	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\612ff8ea6e287d32196af9934f15aee9_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:860

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=785DF22B2F18B8AAC114E57F9E8EAD80 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2656

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E7C1705BEEE3D743292317951FA4CF39 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E7C1705BEEE3D743292317951FA4CF39 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0A3CB4CE877C3C09ABCBD17BD8AACEAC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0A3CB4CE877C3C09ABCBD17BD8AACEAC --renderer-client-id=4 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2456

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B86F8BBCB464BB1E926D7485206A6BF --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6718726363EFE68DC69AB966DE4D4901 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6718726363EFE68DC69AB966DE4D4901 --renderer-client-id=6 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2268

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8AFED2E707F2F957191E44F3FCB50303 --mojo-platform-channel-handle=3004 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CE06D939467B214A9FECE9F27FC65CD3 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
554f13fb726e269748eeb9963e07344a

SHA1
c7f4e0f4f009600f5805db42f9ce7d3f0669e45e

SHA256
ddf9c4d0bf942f21c0b7a4511e06a661ddb1f72fd8af0edb71ffb58da0198e85

SHA512
ba422c822fd9b25febe7ed930be0ab0db2aade9c00fe6c55a0fea0fa0a7075a524886f7082bb6206a8a6102ec396facc1080870c3c7dbdb33a44a46514c41153

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5b174b77209e7def426d8bb4f107cb37

SHA1
127dce8310a85d799f270f2093eb2230c9f70e69

SHA256
e1b594361781cd20c8167045c0eeb49ea906eaf2412d77ae0fcf27d4bec07782

SHA512
0386d6c0d3f6a0bf86fc4cb3b2a6ae49f657213b1e0b5798fa2a1a390fcb557729eb5f72f99e1aa95e99d25221d2e1341d8a3b5ef098bdaeabbead83d50a0e02

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads