2c1da7ff4ee3e170aebbbe742f35b442670f5fd3757b2ec7cacf17fb068d1bc3

General

Target

6906c73ca8f5d0a3285ddaf1fbc488cf_JaffaCakes118.pdf
Size

37KB
MD5

6906c73ca8f5d0a3285ddaf1fbc488cf
SHA1

c3571c36e908d9c2cfe733a6a14ba699b914fd04
SHA256

2c1da7ff4ee3e170aebbbe742f35b442670f5fd3757b2ec7cacf17fb068d1bc3
SHA512

62a366ff25b18298162613473310dd580f1278122e52fd77450319c7cb0dd413559c050fb627e6ac755478b7db43d83834c78236bc11b2a1f8a2744b64dae832
SSDEEP

768:hgGzpDsp5iVPKWTkWeolM/LNpZglCftu61EpFn04B8+YdxYDKxTe7UqqdMk:SGFQpUhKWQtpZGCfo61EpFnB8+YXYWRP

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4828 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4828 AcroRd32.exe
4828 AcroRd32.exe
4828 AcroRd32.exe
4828 AcroRd32.exe
4828 AcroRd32.exe
4828 AcroRd32.exe

pid	process
4828	AcroRd32.exe

pid	process
4828	AcroRd32.exe
4828	AcroRd32.exe
4828	AcroRd32.exe
4828	AcroRd32.exe
4828	AcroRd32.exe
4828	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4828 wrote to memory of 1408	4828	AcroRd32.exe	RdrCEF.exe
PID 4828 wrote to memory of 1408	4828	AcroRd32.exe	RdrCEF.exe
PID 4828 wrote to memory of 1408	4828	AcroRd32.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 852	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe
PID 1408 wrote to memory of 4536	1408	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6906c73ca8f5d0a3285ddaf1fbc488cf_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4828

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1408

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6D85AC5E87F33E9D069867E9905FA1D2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:852

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AE1C16170E6807286A9F9B11C038E3E1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AE1C16170E6807286A9F9B11C038E3E1 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4536

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=862E92E8E3EEEF9B9CF53B89644381BD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=862E92E8E3EEEF9B9CF53B89644381BD --renderer-client-id=4 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4340

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=30057822162733D45BDFB67E30AA4702 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4832

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C46A04756603E169EB057BC2AB18F6EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C46A04756603E169EB057BC2AB18F6EB --renderer-client-id=6 --mojo-platform-channel-handle=2580 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4780

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=40756F5A3BAFB14CD370FB33FB347C94 --mojo-platform-channel-handle=3088 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4612

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DF2981BBDDA82F52916E54F782DA72A7 --mojo-platform-channel-handle=3096 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
17b1f6a7126f755f383a2bea64d11e4a

SHA1
566c5e62ac1ddb20d1a49065c8245bfa65de0b0d

SHA256
934641455ffc83d8d31eb067396b9a4f91b166828095ec75994d1c3fcf848d92

SHA512
75d62f640cbea2fe2d4aa2e64c1bdac9b9295eca800412b5eb18eb9bc9440a5b27b3c2696fb3a884a1f5c8e673605c7afb00c81a5604a7cb67b3308d7a5f87e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
406ddfd36dfdc5644004231faba2b65b

SHA1
9e4924fcca501b3190c355a88bd2b74248dc8fae

SHA256
8e541462830f4ec8c43d982db6b7a8f17e6236c005dd0bc0b7b6cf005e50128d

SHA512
59106d3563de28db247a2513a8f524ede8b5cbd65e21c6062a1c10aaf1adcf93302594f80c36cc3532e90619dfe91e110c33f93fe05889c0fc6b222b4f41307f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads